Merge pull request #1866 from mslipper/feat/eng-1728-env-vars

go/proxyd: Add support for env vars in the config

Merge pull request #1866 from mslipper/feat/eng-1728-env-vars
go/proxyd: Add support for env vars in the config
b6739303 · Mark Tyneway · GitHub · 6910504e · 73484138 · b6739303
Commit b6739303 authored Dec 06, 2021 by Mark Tyneway Committed by GitHub Dec 06, 2021
Showing with 73 additions and 15 deletions

new-squids-hunt.md .changeset/new-squids-hunt.md +5 -0

config.go go/proxyd/config.go +27 -5

example.config.toml go/proxyd/example.config.toml +10 -4

proxyd.go go/proxyd/proxyd.go +31 -6

No files found.
--- a/.changeset/new-squids-hunt.md
+++ b/.changeset/new-squids-hunt.md
+---
+'@eth-optimism/proxyd': minor
+---
+
+Adds ability to specify env vars in config
--- a/go/proxyd/config.go
+++ b/go/proxyd/config.go
 package proxyd

+import (
+	"fmt"
+	"os"
+	"strings"
+)
+
 type ServerConfig struct {
 	RPCHost          string `toml:"rpc_host"`
 	RPCPort          int    `toml:"rpc_port"`
@@ -59,3 +65,19 @@ type Config struct {
 	RPCMethodMappings map[string]string   `toml:"rpc_method_mappings"`
 	WSMethodWhitelist []string            `toml:"ws_method_whitelist"`
 }
+
+func ReadFromEnvOrConfig(value string) (string, error) {
+	if strings.HasPrefix(value, "$") {
+		envValue := os.Getenv(strings.TrimPrefix(value, "$"))
+		if envValue == "" {
+			return "", fmt.Errorf("config env var %s not found", value)
+		}
+		return envValue, nil
+	}
+
+	if strings.HasPrefix(value, "\\") {
+		return strings.TrimPrefix(value, "\\"), nil
+	}
+
+	return value, nil
+}
--- a/go/proxyd/example.config.toml
+++ b/go/proxyd/example.config.toml
@@ -44,11 +44,15 @@ out_of_service_seconds = 600
 [backends]
 # A map of backends by name.
 [backends.infura]
-# The URL to contact the backend at.
+# The URL to contact the backend at. Will be read from the environment
+# if an environment variable prefixed with $ is provided.
 rpc_url = ""
-# The WS URL to contact the backend at.
+# The WS URL to contact the backend at. Will be read from the environment
+# if an environment variable prefixed with $ is provided.
 ws_url = ""
 username = ""
+# An HTTP Basic password to authenticate with the backend. Will be read from
+# the environment if an environment variable prefixed with $ is provided.
 password = ""
 max_rps = 3
 max_ws_conns = 1
@@ -60,7 +64,6 @@ client_cert_file = ""
 client_key_file = ""

 [backends.alchemy]
-# The URL to contact the backend at.
 rpc_url = ""
 ws_url = ""
 username = ""
@@ -79,7 +82,10 @@ backends = ["alchemy"]
 # proxyd will only accept authenticated requests.
 [authentication]
 # Mapping of auth key to alias. The alias is used to provide a human-
-# readable name for the auth key in monitoring.
+# readable name for the auth key in monitoring. The auth key will be
+# read from the environment if an environment variable prefixed with $
+# is provided. Note that you will need to quote the environment variable
+# in order for it to be value TOML, e.g. "$FOO_AUTH_KEY" = "foo_alias".
 secret = "test"

 # Mapping of methods to backend groups.

--- a/go/proxyd/proxyd.go
+++ b/go/proxyd/proxyd.go
@@ -47,10 +47,18 @@ func Start(config *Config) error {
 	for name, cfg := range config.Backends {
 		opts := make([]BackendOpt, 0)

-		if cfg.RPCURL == "" {
+		rpcURL, err := ReadFromEnvOrConfig(cfg.RPCURL)
+		if err != nil {
+			return err
+		}
+		wsURL, err := ReadFromEnvOrConfig(cfg.WSURL)
+		if err != nil {
+			return err
+		}
+		if rpcURL == "" {
 			return fmt.Errorf("must define an RPC URL for backend %s", name)
 		}
-		if cfg.WSURL == "" {
+		if wsURL == "" {
 			return fmt.Errorf("must define a WS URL for backend %s", name)
 		}

@@ -74,7 +82,11 @@ func Start(config *Config) error {
 			opts = append(opts, WithMaxWSConns(cfg.MaxWSConns))
 		}
 		if cfg.Password != "" {
-			opts = append(opts, WithBasicAuth(cfg.Username, cfg.Password))
+			passwordVal, err := ReadFromEnvOrConfig(cfg.Password)
+			if err != nil {
+				return err
+			}
+			opts = append(opts, WithBasicAuth(cfg.Username, passwordVal))
 		}
 		tlsConfig, err := configureBackendTLS(cfg)
 		if err != nil {
@@ -84,10 +96,10 @@ func Start(config *Config) error {
 			log.Info("using custom TLS config for backend", "name", name)
 			opts = append(opts, WithTLSConfig(tlsConfig))
 		}
-		back := NewBackend(name, cfg.RPCURL, cfg.WSURL, lim, opts...)
+		back := NewBackend(name, rpcURL, wsURL, lim, opts...)
 		backendNames = append(backendNames, name)
 		backendsByName[name] = back
-		log.Info("configured backend", "name", name, "rpc_url", cfg.RPCURL, "ws_url", cfg.WSURL)
+		log.Info("configured backend", "name", name, "rpc_url", rpcURL, "ws_url", wsURL)
 	}

 	backendGroups := make(map[string]*BackendGroup)
@@ -124,13 +136,26 @@ func Start(config *Config) error {
 		}
 	}

+	var resolvedAuth map[string]string
+
+	if config.Authentication != nil {
+		resolvedAuth = make(map[string]string)
+		for secret, alias := range config.Authentication {
+			resolvedSecret, err := ReadFromEnvOrConfig(secret)
+			if err != nil {
+				return err
+			}
+			resolvedAuth[resolvedSecret] = alias
+		}
+	}
+
 	srv := NewServer(
 		backendGroups,
 		wsBackendGroup,
 		NewStringSetFromStrings(config.WSMethodWhitelist),
 		config.RPCMethodMappings,
 		config.Server.MaxBodySizeBytes,
-		config.Authentication,
+		resolvedAuth,
 	)

 	if config.Metrics.Enabled {