fn

package module
v0.0.0-...-79a6b60 Latest
Warning

This package is not in the latest version of its module.
Published: Oct 25, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

README

Berglas Cloud Functions Example - Go

This guide assumes you have followed the setup instructions in the README. Specifically, it is assumed that you have created a project, Cloud Storage bucket, and Cloud KMS key.

  1. Make sure you are in the examples/cloudfunctions/go folder before continuing!

  2. Export the environment variables for your configuration:

    Using Secret Manager storage:

    export PROJECT_ID=my-project
    

    Using Cloud Storage storage:

    export PROJECT_ID=my-project
    export BUCKET_ID=my-bucket
    export KMS_KEY=projects/${PROJECT_ID}/locations/global/keyRings/berglas/cryptoKeys/berglas-key
    
  3. Create two secrets using the berglas CLI (see README for installation instructions):

    Using Secret Manager storage:

    berglas create sm://${PROJECT_ID}/api-key "xxx-yyy-zzz"
    
    berglas create sm://${PROJECT_ID}/tls-key "=== BEGIN RSA PRIVATE KEY..."
    

    Using Cloud Storage storage:

    berglas create ${BUCKET_ID}/api-key "xxx-yyy-zzz" \
      --key ${KMS_KEY}
    
    berglas create ${BUCKET_ID}/tls-key "=== BEGIN RSA PRIVATE KEY..." \
      --key ${KMS_KEY}
    
  4. Create a service account which will be assigned to the Cloud Function later:

    gcloud iam service-accounts create berglas-service-account \
      --project ${PROJECT_ID} \
      --display-name "berglas Cloud Functions Example"
    
  5. Save the service account email because it will be used later:

    export SA_EMAIL=berglas-service-account@${PROJECT_ID}.iam.gserviceaccount.com
    
  6. Grant the service account access to the secrets:

    Using Secret Manager storage:

    berglas grant sm://${PROJECT_ID}/api-key --member serviceAccount:${SA_EMAIL}
    berglas grant sm://${PROJECT_ID}/tls-key --member serviceAccount:${SA_EMAIL}
    

    Using Cloud Storage storage:

    berglas grant ${BUCKET_ID}/api-key --member serviceAccount:${SA_EMAIL}
    berglas grant ${BUCKET_ID}/tls-key --member serviceAccount:${SA_EMAIL}
    
  7. Deploy the Cloud Function:

    gcloud functions deploy berglas-example-go \
      --project ${PROJECT_ID} \
      --region us-central1 \
      --runtime go111 \
      --memory 1G \
      --max-instances 10 \
      --service-account ${SA_EMAIL} \
      --set-env-vars "API_KEY=berglas://${BUCKET_ID}/api-key,TLS_KEY=berglas://${BUCKET_ID}/tls-key?destination=tempfile" \
      --entry-point F \
      --trigger-http \
      --allow-unauthenticated
    
  8. Access the function:

    curl $(gcloud functions describe berglas-example-go --project ${PROJECT_ID} --format 'value(httpsTrigger.url)')
    
  9. (Optional) Delete the function:

    gcloud functions delete berglas-example-go \
      --quiet \
      --project ${PROJECT_ID} \
      --region us-central1
    
  10. (Optional) Revoke access to the secrets:

    Using Secret Manager storage:

    berglas revoke sm://${PROJECT_ID}/api-key --member serviceAccount:${SA_EMAIL}
    berglas revoke sm://${PROJECT_ID}/tls-key --member serviceAccount:${SA_EMAIL}
    

    Using Cloud Storage storage:

    berglas revoke ${BUCKET_ID}/api-key --member serviceAccount:${SA_EMAIL}
    berglas revoke ${BUCKET_ID}/tls-key --member serviceAccount:${SA_EMAIL}
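
Step 7 passes `berglas://${BUCKET_ID}/...` references, while steps 3 and 6 offer two storage backends, and on the Secret Manager path `BUCKET_ID` is never exported. The following pre-deploy check is an added example, not code from the Berglas project: `Ref`, `ParseEnvVars` and `CheckBackend` are hypothetical names, and it assumes the `sm://` form used with `berglas create` is also what the environment variables would reference.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Ref is one parsed secret reference from a --set-env-vars value.
type Ref struct{ Env, Scheme, Parent, Name, Destination string }

// ParseEnvVars splits "K=ref,K2=ref2" (the step 7 format). Only the two schemes
// shown on this page are accepted, so a literal secret value is rejected.
func ParseEnvVars(s string) ([]Ref, error) {
	var refs []Ref
	for _, pair := range strings.Split(s, ",") {
		env, val, ok := strings.Cut(pair, "=")
		if !ok || env == "" {
			return nil, fmt.Errorf("malformed pair %q", pair)
		}
		u, err := url.Parse(val)
		if err != nil || (u.Scheme != "berglas" && u.Scheme != "sm") {
			return nil, fmt.Errorf("%s: value is not a berglas:// or sm:// reference", env)
		}
		name := strings.TrimPrefix(u.Path, "/")
		if u.Host == "" || name == "" { // e.g. an unset ${BUCKET_ID} gives berglas:///api-key
			return nil, fmt.Errorf("%s: reference needs <bucket|project>/<name>", env)
		}
		refs = append(refs, Ref{env, u.Scheme, u.Host, name, u.Query().Get("destination")})
	}
	return refs, nil
}

// CheckBackend reports references that differ from the backend and parent used in steps 3 and 6.
func CheckBackend(refs []Ref, scheme, parent string) []string {
	var findings []string
	for _, r := range refs {
		if r.Scheme != scheme || r.Parent != parent {
			findings = append(findings, fmt.Sprintf("%s -> %s://%s/%s, expected %s://%s/...", r.Env, r.Scheme, r.Parent, r.Name, scheme, parent))
		}
	}
	return findings
}

func main() {
	// Constructed input: step 7's value with BUCKET_ID=my-bucket expanded.
	refs, err := ParseEnvVars("API_KEY=berglas://my-bucket/api-key,TLS_KEY=berglas://my-bucket/tls-key?destination=tempfile")
	fmt.Println(refs, err, CheckBackend(refs, "sm", "my-project"))
}
```

Run it against the expanded `--set-env-vars` string before deploying; a finding means the function would ask for a secret in a backend the service account was never granted access to.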
    

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func F

Types

This section is empty.