Switch to external auth

This commit moves the OpenFaaS gateway from using in-process
basic-auth for everything to use an external auth URL instead.

When auth is not enabled, this functionality is not added to the
handlers and the gateway behaves as before. When enabled, the configured
plugin will authenticate requests.

Tested on Docker Swarm with positive and negative tests.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
Alex Ellis
2019-06-07 12:54:48 +01:00
parent 701708fe0e
commit 0758e484f7
2 changed files with 14 additions and 12 deletions


@ -83,6 +83,8 @@ func main() {
functionURLTransformer = nilURLTransformer
}
decorateExternalAuth := handlers.MakeExternalAuthHandler
faasHandlers.Proxy = handlers.MakeForwardingProxyHandler(reverseProxy, functionNotifiers, functionURLResolver, functionURLTransformer)
faasHandlers.RoutelessProxy = handlers.MakeForwardingProxyHandler(reverseProxy, forwardingNotifiers, urlResolver, nilURLTransformer)
@ -131,25 +133,25 @@ func main() {
if credentials != nil {
faasHandlers.Alert =
auth.DecorateWithBasicAuth(faasHandlers.Alert, credentials)
decorateExternalAuth(faasHandlers.Alert, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
faasHandlers.UpdateFunction =
auth.DecorateWithBasicAuth(faasHandlers.UpdateFunction, credentials)
decorateExternalAuth(faasHandlers.UpdateFunction, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
faasHandlers.DeleteFunction =
auth.DecorateWithBasicAuth(faasHandlers.DeleteFunction, credentials)
decorateExternalAuth(faasHandlers.DeleteFunction, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
faasHandlers.DeployFunction =
auth.DecorateWithBasicAuth(faasHandlers.DeployFunction, credentials)
decorateExternalAuth(faasHandlers.DeployFunction, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
faasHandlers.ListFunctions =
auth.DecorateWithBasicAuth(faasHandlers.ListFunctions, credentials)
decorateExternalAuth(faasHandlers.ListFunctions, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
faasHandlers.ScaleFunction =
auth.DecorateWithBasicAuth(faasHandlers.ScaleFunction, credentials)
decorateExternalAuth(faasHandlers.ScaleFunction, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
faasHandlers.QueryFunction =
auth.DecorateWithBasicAuth(faasHandlers.QueryFunction, credentials)
decorateExternalAuth(faasHandlers.QueryFunction, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
faasHandlers.InfoHandler =
auth.DecorateWithBasicAuth(faasHandlers.InfoHandler, credentials)
decorateExternalAuth(faasHandlers.InfoHandler, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
faasHandlers.AsyncReport =
auth.DecorateWithBasicAuth(faasHandlers.AsyncReport, credentials)
decorateExternalAuth(faasHandlers.AsyncReport, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
faasHandlers.SecretHandler =
auth.DecorateWithBasicAuth(faasHandlers.SecretHandler, credentials)
decorateExternalAuth(faasHandlers.SecretHandler, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)
}
r := mux.NewRouter()
@ -201,7 +203,7 @@ func main() {
uiHandler := http.StripPrefix("/ui", fsCORS)
if credentials != nil {
r.PathPrefix("/ui/").Handler(auth.DecorateWithBasicAuth(uiHandler.ServeHTTP, credentials)).Methods(http.MethodGet)
r.PathPrefix("/ui/").Handler(decorateExternalAuth(uiHandler.ServeHTTP, config.UpstreamTimeout, config.AuthProxyURL, config.AuthProxyPassBody)).Methods(http.MethodGet)
} else {
r.PathPrefix("/ui/").Handler(uiHandler).Methods(http.MethodGet)
}
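Review bot: The `if credentials != nil` guard in the second and third hunks is still what switches protection on, yet the new wrapper is given only `config.AuthProxyURL`, and nothing visible here checks that the URL is set before the ten admin handlers and `/ui/` are wrapped with it. If the wrapper does not reject requests when the auth call cannot be made (its code is not on this page), an empty or mistyped URL could leave these routes either open or unusable, so I would fail at startup: `if credentials != nil && len(config.AuthProxyURL) == 0 { log.Fatal("basic auth is enabled but no auth proxy URL is configured") }`. A short comment above the guard would also help, since the credentials now appear to act only as an on/off signal: `// credentials only signals that auth is enabled; the external auth plugin validates each request`. `main` starts and ends outside these hunks, so an earlier validation step may already exist.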