authorAlexander Rakoczy <[email protected]>2021-11-18 15:10:47 -0500
committerAlexander Rakoczy <[email protected]>2021-11-18 15:10:47 -0500
commit1cdf6bac9abb2b895e0532a4502ccdff0183896b (patch)
treeec0c9da3b0fbbdf941d1c2be1ea2c6294495e62d
parent9f4e5e1d7e45de468f9ec663837488ab62cc06f4 (diff)
instructions
-rw-r--r--Dockerfile3
-rw-r--r--cmd/server/main.go17
-rw-r--r--readme.md42
-rw-r--r--service.yaml35
4 files changed, 55 insertions, 42 deletions
diff --git a/Dockerfile b/Dockerfile
index d5efbfd..9c4a27a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,12 +23,11 @@ RUN $GOROOT_BOOTSTRAP/bin/go build -o /workdir/server ./cmd/server
FROM marketplace.gcr.io/google/debian11 AS run
-RUN apt-get update && apt-get install -y --no-install-recommends 'exiftool'
+RUN apt-get update && apt-get install -y --no-install-recommends exiftool tini
ENV PORT=8080
COPY --from=build /workdir/server /app/server
RUN mkdir -p /app
-#RUN mv /workdir/server /app
ENTRYPOINT /app/server
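Review bot: tini is installed on the new apt-get line, but the `ENTRYPOINT /app/server` at the end of the hunk is still shell form, so inside the image the server runs as a child of /bin/sh, which does not forward SIGTERM, and tini is only used when a deployment overrides the command the way the readme's `--command=` does. Baking it in with exec form, `ENTRYPOINT ["/usr/bin/tini", "--", "/app/server"]`, gives the same process tree under plain `docker run` and on Cloud Run. The same RUN line should also end with `&& rm -rf /var/lib/apt/lists/*` so the package index does not ship in the runtime layer, and the `RUN mkdir -p /app` after the COPY is redundant since COPY creates the target directory. No USER instruction is visible in the run stage, so the server presumably runs as root; if that is not handled elsewhere in the file, a non-root user would be worth adding.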
diff --git a/cmd/server/main.go b/cmd/server/main.go
index 58dc87d..321cb88 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -9,6 +9,7 @@ import (
"encoding/base64"
"encoding/hex"
"errors"
+ "flag"
"fmt"
"io"
"io/fs"
@@ -33,7 +34,13 @@ import (
secretmanager2 "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
)
+var (
+ bucket = flag.String("bucket", "", "GCS bucket to store files")
+ secretName = flag.String("secret-name", "", "Secret manager secret name")
+)
+
func main() {
+ flag.Parse()
var host string
port := os.Getenv("PORT")
if port == "" {
@@ -46,7 +53,7 @@ func main() {
if err != nil {
log.Fatalf("storage.NewClient() = _, %v", err)
}
- b := cl.Bucket("i-dis-band-east4")
+ b := cl.Bucket(*bucket)
http.Handle("/upload", upload(b))
http.Handle("/", fileServerHandler(internal.Static, image(b, http.HandlerFunc(home))))
log.Printf("Listening on %s\n", net.JoinHostPort(host, port))
@@ -70,7 +77,7 @@ func secretKey() []byte {
return
}
defer client.Close()
- name := fmt.Sprintf("projects/%s/secrets/i-dis-band-sk/versions/latest", project)
+ name := fmt.Sprintf("projects/%s/secrets/%s/versions/latest", project, *secretName)
resp, err := client.AccessSecretVersion(ctx, &secretmanager2.AccessSecretVersionRequest{Name: name})
if err != nil {
log.Printf("client.AccessSecretVersion(%q) = %v", name, err)
@@ -98,13 +105,13 @@ func ValidMAC(message, messageMAC, key []byte) bool {
}
const (
- Byte = 1 << (10*iota)
+ Byte = 1 << (10 * iota)
KiB
MiB
GiB
)
-const maxUpload = 100*MiB
+const maxUpload = 100 * MiB
func upload(b *storage.BucketHandle) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -198,7 +205,7 @@ func upload(b *storage.BucketHandle) http.Handler {
return
}
n, err := io.Copy(fw, file)
- if err != nil || n == 0{
+ if err != nil || n == 0 {
log.Printf("fw.Write(wand.GetImageBlob()) = %d, %v", n, err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
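Review bot: In the second hunk of cmd/server/main.go the new `bucket` and `secret-name` flags default to empty strings and nothing after `flag.Parse()` checks them, so a deployment that omits either starts normally and only fails later: `cl.Bucket("")` is rejected at the first upload, and `secretKey` builds the name `projects/<project>/secrets//versions/latest` and, judging by the bare `return` above `defer client.Close()`, hands back a nil key, which would presumably let ValidMAC run against an empty key rather than refuse the request. A fail-fast check right after `flag.Parse()`, `if *bucket == "" || *secretName == "" { log.Fatal("-bucket and -secret-name are required") }`, turns that misconfiguration into a startup error. The bodies of main and secretKey continue outside these hunks, so the check may belong beside whatever other startup validation already exists there.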
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..e5df6ba
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,42 @@
+# i.dis.band
+
+## deploying
+
+### Flags:
+Flags:
+- --bucket=<YOUR-GCS-BUCKET>
+- --secret-name=<YOUR-SECRET-MANAGER-SECRET-NAME>
+
+### Secret
+
+#### Creating:
+
+Create a secret with:
+
+```bash
+openssl rand -hex 32
+```
+
+Save that secret to a secret in GCS.
+
+#### Adding an account:
+
+```bash
+gcloud secrets --project=<YOUR-GCP-PROJECT> versions access \
+ --secret=<YOUR-SECRET-MANAGER-SECRET-NAME> latest | go run ./cmd/userkey/ <username>
+```
+
+Provide username and above output as HTTPS basic auth. The password is verified using HMAC.
+
+### Cloud Run:
+
+```bash
+gcloud run deploy --project=<YOUR-GCP-PROJECT> \
+ --command="/usr/bin/tini","--","/app/server","--bucket=<YOUR-GCS-BUCKET>","--secret-name=<YOUR-SECRET-MANAGER-SECRET-NAME>" \
+ <YOUR-APP-NAME>
+```
+
+See cloud run documentation for associating with a domain name.
+
+Once your app is created, associate a service account with it, and grant that account read access to the secret, and
+object owner to your bucket.
diff --git a/service.yaml b/service.yaml
deleted file mode 100644
index 819aac1..0000000
--- a/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: serving.knative.dev/v1
-kind: Service
-metadata:
- annotations:
- client.knative.dev/user-image: us-east4-docker.pkg.dev/da-app-z0ne/cloud-run-source-deploy/i-dis-band
- run.googleapis.com/ingress: all
- run.googleapis.com/ingress-status: all
- labels:
- cloud.googleapis.com/location: us-east4
- name: i-dis-band
- namespace: '596578887005'
-spec:
- template:
- metadata:
- annotations:
- autoscaling.knative.dev/maxScale: '100'
- client.knative.dev/user-image: us-east4-docker.pkg.dev/da-app-z0ne/cloud-run-source-deploy/i-dis-band
- run.googleapis.com/client-name: cloud-console
- name: i-dis-band-00005-lux
- spec:
- containerConcurrency: 80
- containers:
- - image: us-east4-docker.pkg.dev/da-app-z0ne/cloud-run-source-deploy/i-dis-band
- ports:
- - containerPort: 8080
- name: h2c
- resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- serviceAccountName: [email protected]
- timeoutSeconds: 300
- traffic:
- - latestRevision: true
- percent: 100