Merge pull request #154 from ovotech/add-gcf-entrypoint

Add gcf entrypoint

Author: Chris Every

.circleci/config.yml

@@ -15,10 +15,22 @@ jobs:
       - run:
            name: goreleaser
            command: |
-             export GITHUB_TOKEN=$GITHUB
              export GO111MODULE=on
              go mod download
              curl -sL https://git.io/goreleaser | bash
+  release_cloudfunction_zip:
+    docker:
+      - image: cibuilds/github
+    steps:
+      - checkout
+
+      - run:
+          name: "Publish Release on GitHub"
+          command: |
+            VERSION=$(echo ${CIRCLE_TAG} | sed 's/^v//')
+            ZIP_NAME=cloud-key-rotator_${VERSION}_cloudfunction
+            zip -R ${ZIP_NAME} '*.go' 'go.mod'
+            ghr -t ${GITHUB_TOKEN} -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} ${CIRCLE_TAG} ${ZIP_NAME}.zip
   docker_build_and_push:
     <<: *defaults
 
@@ -129,14 +141,20 @@ jobs:
 
 workflows:
   version: 2
-  goreleaser_pipeline:
+  release_pipeline:
     jobs:
       - goreleaser:
           filters:
             tags:
               only: /v[0-9]+(\.[0-9]+)*(-.*)*/
             branches:
               ignore: /.*/
+      - release_cloudfunction_zip:
+          filters:
+            tags:
+              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
+            branches:
+              ignore: /.*/
       - docker_build_and_push:
           filters:
             tags:

.goreleaser.yml

@@ -12,15 +12,17 @@ archives:
     name_template: "{{ .ProjectName }}_{{ .Version }}_lambda"
 builds:
   - id: binary-build
-    main: ./
+    binary: cloud-key-rotator
+    main: ./cmd/
     goos:
       - windows
       - darwin
       - linux
     goarch:
       - amd64
   - id: lambda-build
-    main: ./
+    binary: cloud-key-rotator
+    main: ./cmd/
     goos:
       - linux
     goarch:

cloudfunction.go

@@ -0,0 +1,52 @@
+package cloudfunction
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+
+	"github.com/ovotech/cloud-key-rotator/pkg/config"
+	"github.com/ovotech/cloud-key-rotator/pkg/log"
+	"github.com/ovotech/cloud-key-rotator/pkg/rotate"
+)
+
+var logger = log.StdoutLogger().Sugar()
+
+// Request is the CloudFunction entrypoint
+func Request(w http.ResponseWriter, r *http.Request) {
+	var c config.Config
+	var err error
+	var bucketName string
+	var ok bool
+	bucketEnvVarName := "CKR_BUCKET_NAME"
+	if bucketName, ok = os.LookupEnv(bucketEnvVarName); !ok {
+		logCloudFunctionError(w, fmt.Errorf("Env var: %s is required", bucketEnvVarName))
+		return
+	}
+	if c, err = config.GetConfigFromGCS(
+		bucketName,
+		getEnv("CKR_SECRET_CONFIG_NAME", "ckr-config.json"),
+		getEnv("CKR_CONFIG_TYPE", "json")); err != nil {
+		logCloudFunctionError(w, err)
+		return
+	}
+	if err = rotate.Rotate("", "", "", c); err != nil {
+		logCloudFunctionError(w, err)
+		return
+	}
+}
+
+func logCloudFunctionError(w http.ResponseWriter, err error) {
+	w.WriteHeader(http.StatusInternalServerError)
+	w.Write([]byte(err.Error()))
+	logger.Error(err)
+}
+
+//getEnv returns the value of the env var matching the key, if it exists, and
+// the value of fallback otherwise
+func getEnv(key, fallback string) string {
+	if value, ok := os.LookupEnv(key); ok {
+		return value
+	}
+	return fallback
+}

cmd/root.go cmd/cobra/root.go

@@ -19,8 +19,9 @@ import (
 	"os"
 
 	"github.com/aws/aws-lambda-go/lambda"
-	"github.com/ovotech/cloud-key-rotator/cmd"
+	cmd "github.com/ovotech/cloud-key-rotator/cmd/cobra"
 	"github.com/ovotech/cloud-key-rotator/pkg/config"
+	"github.com/ovotech/cloud-key-rotator/pkg/log"
 	"github.com/ovotech/cloud-key-rotator/pkg/rotate"
 )
 
@@ -29,6 +30,8 @@ type MyEvent struct {
 	Name string `json:"name"`
 }
 
+var logger = log.StdoutLogger().Sugar()
+
 //HandleRequest allows cloud-key-rotator to be used in the Lambda program model
 func HandleRequest(ctx context.Context, name MyEvent) (string, error) {
 	var c config.Config

cmd/rotate.go cmd/cobra/rotate.go

@@ -4,6 +4,7 @@ go 1.12
 
 require (
 	cloud.google.com/go v0.46.3
+	cloud.google.com/go/storage v1.0.0
 	github.com/aws/aws-lambda-go v1.13.2
 	github.com/aws/aws-sdk-go v1.25.0
 	github.com/beamly/go-gocd v0.0.0-20190719193049-383d56afbf92

main.go cmd/main.go

@@ -16,8 +16,11 @@ package config
 
 import (
 	"bytes"
+	"context"
 	"errors"
+	"io/ioutil"
 
+	"cloud.google.com/go/storage"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
@@ -100,8 +103,8 @@ func GetConfig(configPath string) (c Config, err error) {
 	return
 }
 
-// GetConfigFromAWSSecretManager grabs the cloud-key-rotator's config from
-// AWS Secret Manager
+//GetConfigFromAWSSecretManager grabs the cloud-key-rotator's config from
+//AWS Secret Manager
 func GetConfigFromAWSSecretManager(secretName, configType string) (c Config, err error) {
 	var secret string
 	if secret, err = GetSecret(secretName); err != nil {
@@ -116,6 +119,30 @@ func GetConfigFromAWSSecretManager(secretName, configType string) (c Config, err
 	return
 }
 
+//GetConfigFromGCS grabs the cloud-key-rotator's config from GCS
+func GetConfigFromGCS(bucketName, objectName, configType string) (c Config, err error) {
+	ctx := context.Background()
+	var client *storage.Client
+	if client, err = storage.NewClient(ctx); err != nil {
+		return
+	}
+	bkt := client.Bucket(bucketName)
+	obj := bkt.Object(objectName)
+	var rc *storage.Reader
+	if rc, err = obj.NewReader(ctx); err != nil {
+		return
+	}
+	defer rc.Close()
+	var data []byte
+	if data, err = ioutil.ReadAll(rc); err != nil {
+		return
+	}
+	viper.SetConfigType(configType)
+	viper.ReadConfig(bytes.NewReader(data))
+	err = viper.Unmarshal(&c)
+	return
+}
+
 //GetSecret gets the value of the secret in AWS SecretsManager with the specified name
 func GetSecret(secretName string) (secretString string, err error) {
 	//Create a Secrets Manager client