alibaba / funcraft

(have) Fun with Serverless(API Gateway & Function Compute)
MIT License

secure information in environmentVariables section #143

Open htynkn opened 5 years ago

htynkn commented 5 years ago

hey team,

I'm trying to put a secure access key in env for a third-party API call. From the documentation, I think EnvironmentVariables is something that can achieve this.

But I don't want to hard-code env in the yml file, and would like to know if there is any way to secure env in the EnvironmentVariables section. For example, those secure keys are in my build machine env; when I run fun deploy, can those values be extracted from my build machine env and passed to the aliyun provider?

tanhe123 commented 5 years ago

template.yml does not currently support template environment variables, but similar functionality can be implemented through scripts.

For example, here is a script for deploying functions to all regions with different logs:

import subprocess
import os
import sys

regions = ['cn-shanghai', 'cn-hangzhou', 'cn-beijing', 'cn-shenzhen', 'cn-qingdao', 'cn-hongkong', 'ap-southeast-1', 'ap-southeast-2']

templateContent = """
ROSTemplateFormatVersion: '2015-09-01'
Transform: 'Aliyun::Serverless-2018-04-03'
Resources:
  fc-test:
    Type: 'Aliyun::Serverless::Service'
    Properties:
      Description: 'fc test'
      LogConfig:
        Project: fctestproject-{0}
        Logstore: fctestlogstore
    nodejs8_test:
      Type: 'Aliyun::Serverless::Function'
      Properties:
        Handler: nodejs8_test.handler
        Runtime: nodejs8
        CodeUri: './nodejs8_test.js'
        Timeout: 3
  fctestproject-{0}:
    Type: 'Aliyun::Serverless::Log'
    Properties:
      Description: 'just python log'
    fctestlogstore:
      Type: 'Aliyun::Serverless::Log::Logstore'
      Properties:
        TTL: 10
        ShardCount: 1
"""

for region in regions:
    print('##### start deploy region: {0}'.format(region))

    env = os.environ.copy()
    env['DEFAULT_REGION'] = region

    regionTemplate = templateContent.format(region)
    with open("template.yml", "w") as templateFile:
        templateFile.write(regionTemplate)

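    # universal_newlines=True returns text, so the lines print cleanly on Python 3 too
    res = subprocess.check_output(['fun', 'deploy'], env=env, universal_newlines=True)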

    for line in res.splitlines():
        print(line)

    print('#### end deploy region: {0}\n'.format(region))

This example uses the Python format, which can be referenced here.

If you use a different language, you can use a similar method.
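The scripted approach above, applied to the secret from the original question. This is an added example, not code from the thread or from the funcraft project: the `${env:NAME}` placeholder syntax, the `THIRD_PARTY_API_KEY` name and both helper functions are hypothetical. It fails closed on unset variables and quotes each value so that a secret cannot alter the YAML structure.

```python
import json
import os
import re

# Constructed template: same layout as the script above, with a hypothetical
# ${env:NAME} placeholder where the secret belongs.
TEMPLATE = """\
ROSTemplateFormatVersion: '2015-09-01'
Transform: 'Aliyun::Serverless-2018-04-03'
Resources:
  fc-test:
    Type: 'Aliyun::Serverless::Service'
    nodejs8_test:
      Type: 'Aliyun::Serverless::Function'
      Properties:
        Handler: nodejs8_test.handler
        Runtime: nodejs8
        CodeUri: './nodejs8_test.js'
        EnvironmentVariables:
          THIRD_PARTY_API_KEY: ${env:THIRD_PARTY_API_KEY}
"""

PLACEHOLDER = re.compile(r"\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}")


def render(template, environ):
    """Replace each ${env:NAME} with the value from environ as a quoted YAML scalar."""
    missing = sorted({n for n in PLACEHOLDER.findall(template) if not environ.get(n)})
    if missing:
        # Fail closed: never deploy a function with an empty or absent secret.
        raise KeyError("unset build variables: " + ", ".join(missing))
    # json.dumps emits a double-quoted string, which is also a valid YAML scalar,
    # so quotes, colons or newlines in a value cannot add keys to the template.
    return PLACEHOLDER.sub(lambda m: json.dumps(environ[m.group(1)]), template)


def write_private(path, text):
    """Write the rendered file; a newly created file gets mode 0600 (owner only)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)


if __name__ == "__main__":
    # Run on the build machine, then call `fun deploy` as in the script above.
    write_private("template.yml", render(TEMPLATE, os.environ))
```

Because the rendered template.yml contains the secret, only the placeholder version belongs in version control; the rendered file should be ignored by git.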

htynkn commented 5 years ago

@tanhe123 thanks for replying. This is a way to make it work, and actually this is how our team is doing it.

But for me, I would like to see a built-in function to support this kind of stuff in aliyun/fun, instead of writing a build script. Serverless is another FaaS tool which supports a similar function, like:

service: new-service
provider: aws
functions:
  hello:
    name: ${env:FUNC_PREFIX}-hello
    handler: handler.hello
  world:
    name: ${env:FUNC_PREFIX}-world
    handler: handler.world

Refer to https://serverless.com/framework/docs/providers/aws/guide/variables/#referencing-environment-variables

Can we have a plan to support a similar feature?

tanhe123 commented 5 years ago

Thanks for your suggestion, we will carefully evaluate this feature. If there is no problem, it will be supported.

shiny commented 4 years ago

> Thanks for your suggestion, we will carefully evaluate this feature. If there is no problem, it will be supported.

docker-compose.yml is a good example, please consider.

shiny commented 4 years ago

> Thanks for your suggestion, we will carefully evaluate this feature. If there is no problem, it will be supported.

Our team will add template.yml to the git repo, so it's not safe to keep the environmentVariables in it. Also, we need to keep the prod/local environments isolated; they are almost the same except for environment variables.