This is an automated email from the ASF dual-hosted git repository.
mhamann pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/incubator-openwhisk-apigateway.git
The following commit(s) were added to refs/heads/master by this push:
new da17089 Add option to encrypt redis password (#302)
da17089 is described below
commit da17089d27118200c99c1e81483ea84f3309999f
Author: Alex Song <[email protected]>
AuthorDate: Fri May 18 22:43:35 2018 -0400
Add option to encrypt redis password (#302)
---
Dockerfile | 2 +-
Makefile | 1 +
README.md | 5 +++++
api-gateway.conf | 3 +++
init.sh | 4 ++++
5 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9962c92..124e2e1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ FROM alpine:latest
# install dependencies
RUN apk --update add \
gcc tar libtool zlib jemalloc jemalloc-dev perl \
- ca-certificates wget make musl-dev openssl-dev pcre-dev g++ zlib-dev curl
python \
+ ca-certificates wget make musl-dev openssl-dev openssl pcre-dev g++
zlib-dev curl python \
perl-test-longstring perl-list-moreutils perl-http-message geoip-dev
dumb-init jq \
&& update-ca-certificates \
&& rm -rf /var/cache/apk/*
diff --git a/Makefile b/Makefile
index 8411007..d4eee3b 100644
--- a/Makefile
+++ b/Makefile
@@ -58,6 +58,7 @@ docker-run:
docker run --rm --name="apigateway" -p 80:80 -p
${PUBLIC_MANAGEDURL_PORT}:8080 -p 9000:9000 \
-e PUBLIC_MANAGEDURL_HOST=${PUBLIC_MANAGEDURL_HOST} -e
PUBLIC_MANAGEDURL_PORT=${PUBLIC_MANAGEDURL_PORT} \
-e REDIS_HOST=${REDIS_HOST} -e REDIS_PORT=${REDIS_PORT} -e
REDIS_PASS=${REDIS_PASS} \
+ -e DECRYPT_REDIS_PASS=${DECRYPT_REDIS_PASS} -e
ENCRYPTION_KEY=${ENCRYPTION_KEY} -e ENCRYPTION_IV=${ENCRYPTION_IV} \
-e
TOKEN_GOOGLE_URL=https://www.googleapis.com/oauth2/v3/tokeninfo \
-e TOKEN_FACEBOOK_URL=https://graph.facebook.com/debug_token \
-e TOKEN_GITHUB_URL=https://api.github.com/user \
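Review bot: The added `-e DECRYPT_REDIS_PASS=... -e ENCRYPTION_KEY=... -e ENCRYPTION_IV=...` line hands the container the key and IV through the same channel as the ciphertext in `REDIS_PASS`. Anyone who can read the container's environment or this `docker run` command line therefore gets everything needed to recover the password, so the option obscures the value rather than protecting it from that reader. It would help to say so next to the line, for example `# NOTE: key/IV travel alongside the encrypted REDIS_PASS; supply them from a secret store or mounted file in real deployments`. The `docker-run` recipe continues outside this hunk.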
diff --git a/README.md b/README.md
index 7b77729..ae8fbf6 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,11 @@ docker run -p 80:80 -p <managedurl_port>:8080 -p 9000:9000 \
openwhisk/apigateway:latest
```
+(Optional) The redis password can be passed in encrypted using the
`aes-256-cbc` encryption algorithm. To do so, pass in the following environment
variables, in addition to the encrypted password:
+- `DECRYPT_REDIS_PASS=true`
+- `ENCRYPTION_KEY=<32 Byte hex string that was used for encryption>`
+- `ENCRYPTION_IV=<16 Byte hex string that was used for encryption>`
+
## API
- [v2 Management
Interface](https://github.com/openwhisk/openwhisk-apigateway/blob/master/doc/v2/management_interface_v2.md)
- [v1 Management
Interface](https://github.com/openwhisk/openwhisk-apigateway/blob/master/doc/v1/management_interface_v1.md)
diff --git a/api-gateway.conf b/api-gateway.conf
index 0486fd1..64da494 100644
--- a/api-gateway.conf
+++ b/api-gateway.conf
@@ -43,6 +43,9 @@ env TOKEN_GOOGLE_URL;
env TOKEN_FACEBOOK_URL;
env TOKEN_GITHUB_URL;
+env ENCRYPTION_KEY;
+env ENCRYPTION_IV;
+
events {
use epoll;
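Review bot: The two added directives `env ENCRYPTION_KEY;` and `env ENCRYPTION_IV;` keep the raw key material in the environment of the nginx master and worker processes, yet nothing visible in this commit needs it there. The only decryption shown is in init.sh, which re-exports the plaintext `REDIS_PASS`. Unless Lua code outside this diff reads these variables, drop both lines so the key does not outlive the init step. If they are needed, a comment such as `# read by <module> to decrypt ...` above them would record why.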
diff --git a/init.sh b/init.sh
index 4c4cd35..c68fe96 100755
--- a/init.sh
+++ b/init.sh
@@ -21,6 +21,10 @@ log_level=${LOG_LEVEL:-warn}
marathon_host=${MARATHON_HOST}
redis_host=${REDIS_HOST}
redis_port=${REDIS_PORT}
+if [ "${DECRYPT_REDIS_PASS}" == "true" ]; then
+ export REDIS_PASS=$(printf "${REDIS_PASS}\n" | openssl enc -d -K
${ENCRYPTION_KEY} -iv ${ENCRYPTION_IV} -aes-256-cbc -base64)
+fi
+
sleep_duration=${MARATHON_POLL_INTERVAL:-5}
# location for a remote /etc/api-gateway folder.
# i.e s3://api-gateway-config
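Review bot: A failed decryption goes unnoticed in the added `if` block, because `export REDIS_PASS=$(...)` discards openssl's exit status. A wrong key, a wrong IV or malformed ciphertext leaves `REDIS_PASS` empty or garbled, and startup carries on. The same line uses `${REDIS_PASS}` as the printf format string and leaves `${ENCRYPTION_KEY}` and `${ENCRYPTION_IV}` unquoted; `printf '%s\n' "${REDIS_PASS}"` with quoted expansions is safer. The key and IV are also passed to openssl via `-K`/`-iv`, so they are visible in the container's process list while the command runs, which deserves at least a comment. The rewrite below fails fast on a decryption error.

```shell
if [ "${DECRYPT_REDIS_PASS}" == "true" ]; then
    # Capture the result first so openssl's exit status is not masked by `export`.
    if ! decrypted_pass=$(printf '%s\n' "${REDIS_PASS}" | openssl enc -d -aes-256-cbc -base64 -K "${ENCRYPTION_KEY}" -iv "${ENCRYPTION_IV}") \
        || [ -z "${decrypted_pass}" ]; then
        echo "init.sh: could not decrypt REDIS_PASS; check ENCRYPTION_KEY and ENCRYPTION_IV" >&2
        exit 1
    fi
    export REDIS_PASS="${decrypted_pass}"
    unset decrypted_pass
fi
```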