Request Gateway Postgres - address restricting add-on for auth.
A Go IP address restriction backend utility which uses Postgres/GCP CloudSQL. Intended to be used in conjunction with auth.
This is a fairly rudimentary backend client which persists a list of approved address names (IPs, hostnames, whatever you want to use to differentiate), and will provide a boolean check to indicate if a given address name is on the approved list.
This was written to augment a GCP Appengine service. Appengine already provides a firewall service which can be used to control incoming traffic, so this address restriction utility is useful where a appengine default service already exists serving a superset of incoming traffic. This can be plugged into middleware to permit access to a non-default service for a subset of traffic.
The best place to start is probably with the examples and tests. Initialise the approval list table with the schema SQL scripts.
See examples for a http/appengine implementations which uses requestgateway and auth. This is written for appengine standard 2nd gen, but also works as a standalone.
This utilises the following fine pieces of work:
- GCP's CloudSQL and Storage Go client
If you want to run the example code, then install using
$ go get -u github.com/lidstromberg/examplesIf you only want the requestgateway utility, then install with
$ go get -u github.com/lidstromberg/requestgatewaypgYou will also need to export (linux/macOS) or create (Windows) some environment variables.
################################
# GCP DETAILS
################################
export GTWAY_GCP_PROJECT='{{PROJECTNAME}}'
################################
# GCP CREDENTIALS
################################
export GOOGLE_APPLICATION_CREDENTIALS="/PATH/TO/GCPCREDENTIALS.JSON"(See Google Application Credentials)
If you are using CloudSQL you will also need to give IAM permissions to the account to which GCPCREDENTIALS.JSON belongs (Role: Cloud SQL Client)
Change GTWAYPG_DEBUGON to true/false if you want verbose logging on/off. The other variables don't need to be changed.
################################
# REQUEST GATEWAY
################################
export GTWAYPG_DEBUGON='true'
export GTWAYPG_SQLDST='cloudsqlpostgres'
export GTWAYPG_SQLCNX='host={{instancename}} dbname=gateway user=gatewayuser password={{password}} sslmode=disable'| File | Purpose |
|---|---|
| requestgateway.go | Logic manager |
| requestgateway_test.go | Tests |
| File | Purpose |
|---|---|
| 001_dbcreate.sql | Database/User create |
| 002_schema.sql | Database schema |
| 003_funcs.sql | Database functions |
| File | Purpose |
|---|---|
| config.go | Boot package parameters, environment var collection |
| entity.go | Package structs |
| env | Package environment variables for local/dev installation |
| gogets | Statements for go-getting required packages |