Fix index page

- was missing link to lab 11
- lab 5 missed link to lab 11 (which was intended but left as a
todo)

Signed-off-by: Alex Ellis (VMware) <[email protected]>

Author: alexellis

README.md

@@ -103,12 +103,17 @@ If you're taking an instructor-led workshops then a link will be shared to join
   * Observe auto-scaling kicking in
 
 ## [Lab 10 - Advanced Feature - Secrets](./lab10.md)
+
 * Adapt issue-bot to use a secret
   * Create a Swarm secret
   * Access the secret within the function
 
 You can start with the first lab [Lab 1](lab1.md).
 
+# [Lab 11 - Advanced feature - Trust with HMAC](./lab11.md)
+
+* Apply trust to functions using HMAC
+
 ## Tear down / Clear up
 
 You can find how to stop and remove OpenFaaS [here](https://github.com/openfaas/faas/blob/master/guide/troubleshooting.md#stop-and-remove-openfaas)

lab10.md

@@ -83,4 +83,4 @@ Use the CLI to build and deploy the function:
 $ faas-cli up -f issue-bot.yml
 ```
 
-You can return to the [main page](./README.md).
+Now move onto [Lab 11](lab11.md).

lab11.md

@@ -2,15 +2,16 @@
 
 <img src="https://github.com/openfaas/media/raw/master/OpenFaaS_Magnet_3_1_png.png" width="500px"></img>
 
-Before starting this lab create new folder
+Before starting this lab create a new folder
+
 ```
 mkdir -p lab11 \
    && cd lab11
 ```
 
 ## What is HMAC
 
-Currently there are no limitations on who can make use of our functions. As long as connectivity allows, our functions can be invoked without any restriction. By default they trust any supplied information to be genuine. However, if we want to control access to functions we can use Hash-based Message Authentication Code (HMAC) to validate the source of information.
+Without any form of authentication or trust our functions may be exposed to anyone who can guess their URL. If our functions are accessible on the Internet or the local network then they could be invoked by a bad actor. By default functions respond to any request. However, if we want to control access to functions we can use Hash-based Message Authentication Code (HMAC) to validate the source of information.
 
 From [alexellis/hmac](https://github.com/alexellis/hmac):
 > HMAC uses a symmetric key that both sender/receiver share ahead of time. The sender will generate a hash when wanting to transmit a message - this data is sent along with the payload. The recipient will then sign payload with the shared key and if the hash matches then the payload is assumed to be from the sender.
@@ -184,5 +185,6 @@ $ echo -n "This is a message" | faas-cli invoke hmac-protected --sign hmac --key
 HMAC validation failed.
 ```
 
-Now you can secure your payload on `issue-bot` from [lab5](https://github.com/openfaas/workshop/blob/7f1b0246376b7e4380bb5874655f28254c15f749/lab5.md)
+As a follow-up task you could apply HMAC to secure your endpoint on `issue-bot` from [lab 5](https://github.com/openfaas/workshop/blob/7f1b0246376b7e4380bb5874655f28254c15f749/lab5.md)
 
+You have completed the labs and can return to the [main page](./README.md).

lab5.md

@@ -347,6 +347,6 @@ Now try it out by creating some new issues in the `bot-tester` repository. Check
 
 ## Validate payload with HMAC
 
-To further protect your function with HMAC head over to [lab11](url when merged)
+In [Lab 11](lab11.md) we will learn how to protect a serverless function from tampering through the use of HMAC.
 
 Now move on to [Lab 6](lab6.md).