Merge pull request backplaneNoLongerBackplane#5 from backplane/whitelist

Whitelist process types (defaults to "web,www")
ktsalz · Aug 14, 2018 · 7812de2 · 7812de2
2 parents 84b6a91 + 029c94b
commit 7812de2
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -13,42 +13,56 @@ The Backplane buildpack will do the following things at compile time:
 
 At runtime:
 
-* Start the Backplane agent `backplane connect` - This will get its
-	  labels from the BACKPLANE_LABELS environment variable and its
-authentication token from BACKPLANE_TOKEN.
+* Start the Backplane agent `backplane connect` - This will get its labels from the 
+`BACKPLANE_LABELS` environment variable and its authentication token from `BACKPLANE_TOKEN`.
 
 ## Use
 
+### Setup backplane routing
+
 If you haven't already created a route now is a good time to do so:
 
-	$ backplane route myendpoint.com "some=label"
+    $ backplane route myendpoint.com "some=label"
+
+### Add the backplane buildpack
 
 Add the Backplane buildpack to the list of buildpacks for your Heroku app and
 configure:
 
-	$ heroku buildpacks:add https://github.com/backplane/backplane-heroku-buildpack
-	$ heroku config:set BACKPLANE_LABELS="some=label" $(backplane generate env | grep TOKEN)
+    $ heroku buildpacks:add https://github.com/backplane/backplane-heroku-buildpack
+    $ heroku config:set BACKPLANE_LABELS="some=label" $(backplane generate env | grep TOKEN)
 
 You are now ready to deploy:
 
-	$ git push heroku master
+    $ git push heroku master
 
 > NOTE: You may now turn off inbound traffic from Heroku's router by changing
 > your process name from `web` to `www` or whatever you see fit. Each process
 > should still bind to `127.0.0.1:$PORT` where the backplane agent will be
-> looking for it.
+> looking for it. However, if you do change the process name, be sure to whitelist
+> it with the BACKPLANE_PROCESS_ALLOW environment variable.
 
 Test http://myendpoint.com.
 
 For more information on setting up backplane see `backplane help`.
 
+### Whitelist process types
+
+Use enviroment variable `BACKPLANE_PROCESS_ALLOW` to whitelist process types
+which serve http traffic. If left unset, the process type 'web' and 'www' will be whitelisted 
+by default.
+
+Example:
+
+    $ heroku config:set BACKPLANE_PROCESS_ALLOW=www,admin
+
 ## Known Issues
 
 ### Fetch Error
 
 At times Heroku may report:
 
-	Push rejected, failed to detect set buildpack https://github.com/backplane/backplane-heroku-buildpack
+  Push rejected, failed to detect set buildpack https://github.com/backplane/backplane-heroku-buildpack
 
 This happens intermittently without changes to the buildpack and "fixes itself"
 after some time due to what we believe to be issues on Heroku's end. Please

diff --git a/bin/compile b/bin/compile
@@ -2,24 +2,51 @@
 
 set -e
 
-build=$1
-cache=$2
+buildDir=$1
+cacheDir=$2
+envDir=$3
 
-mkdir -p $build/bin
-mkdir -p $build/.profile.d
-mkdir -p $cache
+mkdir -p $buildDir/bin
+mkdir -p $buildDir/.profile.d
+mkdir -p $cacheDir
+mkdir -p $envDir
 
 install_backplane() {
-	echo "-----> Installing Backplane Agent"
-	name=backplane-stable-linux-amd64.tgz
-	curl -s https://bin.equinox.io/c/jWahGASjoRq/$name > $cache/$name
-	tar xf $cache/$name -C $build/bin
+  echo "-----> Installing Backplane Agent"
+  name=backplane-stable-linux-amd64.tgz
+  curl -s https://bin.equinox.io/c/jWahGASjoRq/$name > $cacheDir/$name
+  tar xf $cacheDir/$name -C $buildDir/bin
 }
 
 install_backplane
 
+if [ -f $envDir/BACKPLANE_PROCESS_ALLOW ]; then 
+  whitelist=$(cat $envDir/BACKPLANE_PROCESS_ALLOW)
+fi
+whitelist=${whitelist:-web}
+echo "-----> Backplane Agent whitelists the 'web' and 'www' process types by default."
+echo "       Use enviroment variable BACKPLANE_PROCESS_ALLOW to whitelist alternate process types."
+echo "       Example: BACKPLANE_PROCESS_ALLOW=internal,external"
+echo ""
+echo "-----> Backplane Agent whitelisted process types: $whitelist"
+echo ""
+
 echo "-----> Writing .profile.d/backplane.sh"
-cat <<-EOF > $build/.profile.d/backplane.sh
-BACKPLANE_LABELS="\$BACKPLANE_LABELS, heroku=true"
-\$HOME/bin/backplane connect "\$BACKPLANE_LABELS" http://127.0.0.1:\$PORT &
-EOF
+cat <<-EOF > $buildDir/.profile.d/backplane.sh
+allowed="no"
+CURRENT_PROCESS_TYPE=\${DYNO%.*}
+IFS=", " read -r -a array <<< "\${BACKPLANE_PROCESS_ALLOW:-web,www}"
+for element in "\${array[@]}"
+do
+  if [ "\$element" == "\$CURRENT_PROCESS_TYPE" ]; then
+    allowed="yes"
+    break
+  fi
+done
+if [ "\$allowed" == "yes" ]; then
+  echo "[backplane] Starting Backplane Agent"
+  \$HOME/bin/backplane connect "\$BACKPLANE_LABELS,heroku=true" http://127.0.0.1:\$PORT &
+else
+  echo '[backplane] Skipping start of Backplane Agent'
+fi
+EOF