docs: add secret demo and doc (#525)
* add secret client

* add secret client

* add license

* add secret demo of file\env\k8s

* add secret doc

* clean code

* add start doc

* fix

* fix

* delete demo

* add quickstart test

* add quickstart test

Co-authored-by: seeflood <349895584@qq.com>
ZLBer and seeflood authored May 15, 2022
1 parent 15daa68 commit c1fe556
Showing 11 changed files with 317 additions and 1 deletion.
78 changes: 78 additions & 0 deletions configs/config_secret_file.json
@@ -0,0 +1,78 @@
{
"servers": [
{
"default_log_path": "stdout",
"default_log_level": "DEBUG",
"routers": [
{
"router_config_name": "actuator_dont_need_router"
}
],
"listeners": [
{
"name": "grpc",
"address": "127.0.0.1:34904",
"bind_port": true,
"filter_chains": [
{
"filters": [
{
"type": "grpc",
"config": {
"server_name": "runtime",
"grpc_config": {
"hellos": {
"helloworld": {
"hello": "greeting"
}
},
"secret_store": {
"local.file": {
"metadata": {
"secretsFile": "../../configs/secret/config_secret_local_file.json"
}
},
"local.env": {
"metadata": {
}
}
},
"app": {
"app_id": "app1",
"grpc_callback_port": 9999
}
}
}
}
]
}
]
},
{
"name": "actuator",
"address": "127.0.0.1:34999",
"bind_port": true,
"filter_chains": [
{
"filters": [
{
"type": "proxy",
"config": {
"downstream_protocol": "Http1",
"upstream_protocol": "Http1",
"router_config_name": "actuator_dont_need_router"
}
}
]
}
],
"stream_filters": [
{
"type": "actuator_filter"
}
]
}
]
}
]
}
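Review bot: `local.env` is registered under `secret_store` with an empty `metadata` block, but the quickstart added in this commit only runs the client with `-s "local.file"`, so nothing exercises or explains that store. Either drop it from this demo config or document what it is expected to serve, since the demo client also calls `GetBulkSecret` against whichever store is named. Separately, `secretsFile` is a relative path (`../../configs/secret/config_secret_local_file.json`), so it only resolves when Layotto is started from `cmd/layotto`; state that next to the config or in the quickstart.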
6 changes: 6 additions & 0 deletions configs/secret/config_secret_local_file.json
@@ -0,0 +1,6 @@
{
"db-user-pass": {
"username": "devuser",
"password": "S!S*d$zDsb="
}
}
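Review bot: the `password` value `S!S*d$zDsb=` is committed in plaintext and looks like a real credential, so secret scanners will flag it and readers may copy the file as a template. Replace it with an obvious placeholder (and update the expected output in both `start.md` pages, which repeat the value), or state in the docs that this file is demo data only.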
55 changes: 55 additions & 0 deletions demo/secret/common/client.go
@@ -0,0 +1,55 @@
package main

import (
"context"
"flag"
"fmt"
"mosn.io/layotto/sdk/go-sdk/client"

runtimev1pb "mosn.io/layotto/spec/proto/runtime/v1"
)

var storeName string

func init() {
flag.StringVar(&storeName, "s", "", "set `storeName`")
}

func main() {

flag.Parse()
if storeName == "" {
panic("storeName is empty.")
}
cli, err := client.NewClient()
if err != nil {
panic(err)
}
defer cli.Close()
ctx := context.Background()
//2. get the secret
resp, err := cli.GetSecret(ctx, &runtimev1pb.GetSecretRequest{
StoreName: storeName,
Key: "db-user-pass:password",
})
if err != nil {
panic(err)
}
if resp == nil || len(resp.Data) == 0 {
panic("no response data")
}
fmt.Println(resp)

//3. get the bulk secret
bulkSecrets, err := cli.GetBulkSecret(ctx, &runtimev1pb.GetBulkSecretRequest{
StoreName: storeName,
})
if err != nil {
panic(err)
}
if bulkSecrets == nil || len(bulkSecrets.Data) == 0 {
panic("no response data")
}
fmt.Println(bulkSecrets)

}
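Review bot: the `Key` in the `GetSecretRequest` is hard-coded to `db-user-pass:password`, a name that comes from the local file store's JSON, while the `-s` flag suggests the client works with any configured store; run against another store, the call ends in one of the `panic` branches unless a secret with that exact name exists there. Add a flag for the key (or document that the client is specific to `local.file`). The step comments also start at `//2.` with no step 1, and `fmt.Println(resp)` / `fmt.Println(bulkSecrets)` write secret values to stdout, which deserves a comment saying this is for demonstration only.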
2 changes: 2 additions & 0 deletions docs/_sidebar.md
@@ -7,6 +7,7 @@
- [Use Pub/Sub API](en/start/pubsub/start.md)
- [Use Distributed Lock API](en/start/lock/start.md)
- [Use Sequencer API](en/start/sequencer/start.md)
- [Use Secret API](en/start/secret/start.md)
- Service Invocation
- [Hello World](en/start/rpc/helloworld.md)
- [Dubbo JSON RPC](en/start/rpc/dubbo_json_rpc.md)
@@ -67,6 +68,7 @@
- [Redis](en/component_specs/sequencer/redis.md)
- [Zookeeper](en/component_specs/sequencer/zookeeper.md)
- [MongoDB](en/component_specs/sequencer/mongo.md)
- [Secret Store](en/component_specs/secret/common.md)
- Design documents
- [Actuator design doc](en/design/actuator/actuator-design-doc.md)
- [Configuration API with Apollo](en/design/configuration/configuration-api-with-apollo.md)
33 changes: 33 additions & 0 deletions docs/en/component_specs/secret/common.md
@@ -0,0 +1,33 @@
# Secret Store component
This component can access secrets from local files, environment variables, k8s, etc., Layotto use dapr's secret API, learn more: https://docs.dapr.io/operations/components/setup-secret-store/
**Configuration file structure**

The json configuration file has the following structure:
```json
"secretStores": {
"<STORE NAME>": {
"metadata": {
"<KEY>": "<VALUE>",
"<KEY>": "<VALUE>"
}
}
}
```
Configuration examples of local file keys, local environment variables, and k8s keys:
```
"secretStores": {
"local.file": {
"metadata": {
"secretsFile": "../../configs/config_secret_local_file.json"
}
},
"local.env": {
"metadata": {
}
},
"kubernetes": {
"metadata": {
}
}
}
```
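Review bot: both JSON snippets use the top-level key `"secretStores"`, but this same commit changes the struct tag in `pkg/runtime/config.go` to `json:"secret_store"` and `configs/config_secret_file.json` uses `"secret_store"`, so a reader copying the documented key gets a config that does not map to `SecretStoresManagement`. The `secretsFile` example (`../../configs/config_secret_local_file.json`) also omits the `secret/` directory where the file is actually added. Minor: the second fence has no `json` tag, and "Layotto use dapr's secret API" should read "Layotto uses Dapr's secret API".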
54 changes: 54 additions & 0 deletions docs/en/start/secret/start.md
@@ -0,0 +1,54 @@
# use Secret API to obtain secret
## What is Secret API
The secret API is used to obtain secret from file, env, k8s, etc

Get all API and secret support
## Quick start

This example shows how to obtain the secret in file, env and k8s through the Layotto secret API



### Step 1: Run Layotto

After downloading the project code to the local, switch the code directory and compile:

```shell
cd ${project_path}/cmd/layotto
```

build:
```shell @if.not.exist layotto
go build -o layotto
```

Once finished, the layotto file will be generated in the directory, run it:

```shell @background
./layotto start -c ../../configs/config_secret_file.json
```

### Step 2: Run the client program and call Layotto to generate a unique id

```shell
cd ${project_path}/demo/secret/common/
```

```shell @if.not.exist client
go build -o client
```

```shell
./client -s "local.file"
```

If the following information is printed, the demo is successful:

```bash
data:{key:"db-user-pass:password" value:"S!S*d$zDsb="}
data:{key:"db-user-pass:password" value:{secrets:{key:"db-user-pass:password" value:"S!S*d$zDsb="}}} data:{key:"db-user-pass:username" value:{secrets:{key:"db-user-pass:username" value:"devuser"}}}
```


## Want to learn more about Secret API?
Layotto reuse Dapr Secret API,learn more:https://docs.dapr.io/operations/components/setup-secret-store/
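Review bot: the Step 2 heading says the client calls Layotto "to generate a unique id", which does not match a secret quickstart and looks carried over from another page; it should describe fetching a secret. The line "Get all API and secret support" under "What is Secret API" is not a sentence either (the Chinese page states that the API supports getting a single secret and all secrets). The intro promises file, env and k8s, but only `./client -s "local.file"` is shown; narrow the claim or add the other stores.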
2 changes: 2 additions & 0 deletions docs/zh/_sidebar.md
@@ -7,6 +7,7 @@
- [使用Pub/Sub API](zh/start/pubsub/start.md)
- [使用分布式锁 API](zh/start/lock/start.md)
- [使用Sequencer API生成分布式自增id](zh/start/sequencer/start.md)
- [使用 Secret API](zh/start/secret/start.md)
- 进行RPC调用
- [Hello World](zh/start/rpc/helloworld.md)
- [Dubbo JSON RPC](zh/start/rpc/dubbo_json_rpc.md)
@@ -72,6 +73,7 @@
- [Redis](zh/component_specs/sequencer/redis.md)
- [Zookeeper](zh/component_specs/sequencer/zookeeper.md)
- [MongoDB](zh/component_specs/sequencer/mongo.md)
- [Secret Store](zh/component_specs/secret/common.md)
- [自定义组件](zh/component_specs/custom/common.md)
- [如何部署、升级 Layotto](zh/operation/)
- 设计文档
34 changes: 34 additions & 0 deletions docs/zh/component_specs/secret/common.md
@@ -0,0 +1,34 @@
# 秘钥组件
该组件可以从本地文件、环境变量、k8s等获取秘钥,复用了dapr的secret API,了解更多:https://docs.dapr.io/operations/components/setup-secret-store/

**配置文件结构**

json配置文件有如下结构:
```json
"secretStores": {
"<STORE NAME>": {
"metadata": {
"<KEY>": "<VALUE>",
"<KEY>": "<VALUE>"
}
}
}
```
本地文件秘钥、本地环境变量、k8s秘钥的配置例子:
```
"secretStores": {
"local.file": {
"metadata": {
"secretsFile": "../../configs/config_secret_local_file.json"
}
},
"local.env": {
"metadata": {
}
},
"kubernetes": {
"metadata": {
}
}
}
```
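Review bot: the snippets on this page use the top-level key `"secretStores"`, while the runtime tag changed in this commit and the demo config both use `secret_store`, so the documented key does not match what the runtime reads. The `secretsFile` path `../../configs/config_secret_local_file.json` also lacks the `secret/` directory used by the file added here. Fix this page together with the English one so the two stay in sync.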
50 changes: 50 additions & 0 deletions docs/zh/start/secret/start.md
@@ -0,0 +1,50 @@
# 使用Secret API获取secret
## 什么是Secret API
Secret API用于从file、env、k8s等获取secret

Secret API支持获取单个和所有secret
## 快速开始

该示例展示了如何通过Layotto Secret API 获取 file、env、k8s中的secret


### 第一步:运行Layotto

将项目代码下载到本地后,切换代码目录、编译:

```shell
cd ${project_path}/cmd/layotto
```
构建:
```shell @if.not.exist layotto
go build -o layotto
```
完成后目录下会生成layotto文件,运行它:

```shell @background
./layotto start -c ../../configs/config_secret_file.json
```

### 第二步:运行客户端程序,调用Layotto生成唯一id

```shell
cd ${project_path}/demo/secret/common/
```

```shell @if.not.exist client
go build -o client
```
```shell
./client -s "local.file"
```

打印出如下信息则代表调用成功:

```bash
data:{key:"db-user-pass:password" value:"S!S*d$zDsb="}
data:{key:"db-user-pass:password" value:{secrets:{key:"db-user-pass:password" value:"S!S*d$zDsb="}}} data:{key:"db-user-pass:username" value:{secrets:{key:"db-user-pass:username" value:"devuser"}}}
```


## 想要详细了解Secret API?
Layotto复用了Dapr的Secret API,了解更多:https://docs.dapr.io/operations/components/setup-secret-store/
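Review bot: the step 2 heading (第二步) ends with 调用Layotto生成唯一id ("call Layotto to generate a unique id"), which does not match a secret quickstart; change it to describe fetching a secret. The intro mentions file, env and k8s, but only `./client -s "local.file"` is exercised, so either narrow the claim or add the other stores.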
2 changes: 2 additions & 0 deletions etc/script/test-quickstart.sh
@@ -35,6 +35,8 @@ quickstarts_in_default="docs/en/start/configuration/start.md
docs/en/start/trace/prometheus.md
docs/en/start/wasm/start.md
docs/zh/start/wasm/start.md
docs/en/start/secret/start.md
docs/zh/start/secret/start.md
"

# In advance mod, we test these docs with golang 1.17
2 changes: 1 addition & 1 deletion pkg/runtime/config.go
@@ -50,7 +50,7 @@ type MosnRuntimeConfig struct {
LockManagement map[string]lock.Config `json:"lock"`
SequencerManagement map[string]sequencer.Config `json:"sequencer"`
Bindings map[string]bindings.Metadata `json:"bindings"`
SecretStoresManagement map[string]bindings.Metadata `json:"secretStores"`
SecretStoresManagement map[string]bindings.Metadata `json:"secret_store"`
// <component type,component name,config>
// e.g. <"super_pubsub","etcd",config>
CustomComponent map[string]map[string]custom.Config `json:"custom_component,omitempty"`
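Review bot: changing the tag on `SecretStoresManagement` from `json:"secretStores"` to `json:"secret_store"` is a config-format change shipped under a `docs:` commit, and any existing config that still uses `secretStores` will stop populating this field. Call the rename out in the commit message or changelog, decide whether the old key should still be accepted, and update `docs/en/component_specs/secret/common.md` and its Chinese counterpart, which still show `"secretStores"`.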
