Move to auth package in faas-provider

The basic-auth middleware and credentials-loading code has been
moved into the faas-provider project. This has now been brought
back into the faas project via vendoring.

Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Alex Ellis (VMware) 2018-09-06 16:14:53 +01:00
parent c821585b39
commit 6937bc4d7f
16 changed files with 279 additions and 21 deletions

11
gateway/Gopkg.lock generated

@ -72,6 +72,15 @@
revision = "289cccf02c178dc782430d534e3c1f5b72af807f"
version = "v1.0.0"
[[projects]]
name = "github.com/openfaas/faas-provider"
packages = [
".",
"types"
]
revision = "9ce928bc82cbb2642e6d534f93a7904116179e6c"
version = "0.7.0"
[[projects]]
name = "github.com/openfaas/nats-queue-worker"
packages = ["handler"]
@ -112,6 +121,6 @@
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "f6e74bc55788e9ad6ea33f02d2be398013705f4606c29bbead71ac41a3c19514"
inputs-digest = "28590014be90eceddef008d7ef4843165d708e8358c428ad907c50e363af424f"
solver-name = "gps-cdcl"
solver-version = 1


@ -25,3 +25,7 @@ ignored = ["github.com/openfaas/faas/gateway/queue"]
name = "golang.org/x/net"
[[constraint]]
name = "github.com/openfaas/faas-provider"
version = "0.7.0"


@ -12,6 +12,7 @@ import (
"github.com/gorilla/mux"
"github.com/openfaas/faas/gateway/handlers"
"github.com/openfaas/faas-provider/auth"
"github.com/openfaas/faas/gateway/metrics"
"github.com/openfaas/faas/gateway/plugin"
"github.com/openfaas/faas/gateway/types"
@ -33,11 +34,11 @@ func main() {
log.Printf("Binding to external function provider: %s", config.FunctionsProviderURL)
var credentials *types.BasicAuthCredentials
var credentials *auth.BasicAuthCredentials
if config.UseBasicAuth {
var readErr error
reader := types.ReadBasicAuthFromDisk{
reader := auth.ReadBasicAuthFromDisk{
SecretMountPath: config.SecretMountPath,
}
credentials, readErr = reader.Read()
@ -109,17 +110,17 @@ func main() {
if credentials != nil {
faasHandlers.UpdateFunction =
handlers.DecorateWithBasicAuth(faasHandlers.UpdateFunction, credentials)
auth.DecorateWithBasicAuth(faasHandlers.UpdateFunction, credentials)
faasHandlers.DeleteFunction =
handlers.DecorateWithBasicAuth(faasHandlers.DeleteFunction, credentials)
auth.DecorateWithBasicAuth(faasHandlers.DeleteFunction, credentials)
faasHandlers.DeployFunction =
handlers.DecorateWithBasicAuth(faasHandlers.DeployFunction, credentials)
auth.DecorateWithBasicAuth(faasHandlers.DeployFunction, credentials)
faasHandlers.ListFunctions =
handlers.DecorateWithBasicAuth(faasHandlers.ListFunctions, credentials)
auth.DecorateWithBasicAuth(faasHandlers.ListFunctions, credentials)
faasHandlers.ScaleFunction =
handlers.DecorateWithBasicAuth(faasHandlers.ScaleFunction, credentials)
faasHandlers.QueryFunction = handlers.DecorateWithBasicAuth(faasHandlers.QueryFunction, credentials)
faasHandlers.InfoHandler = handlers.DecorateWithBasicAuth(faasHandlers.InfoHandler, credentials)
auth.DecorateWithBasicAuth(faasHandlers.ScaleFunction, credentials)
faasHandlers.QueryFunction = auth.DecorateWithBasicAuth(faasHandlers.QueryFunction, credentials)
faasHandlers.InfoHandler = auth.DecorateWithBasicAuth(faasHandlers.InfoHandler, credentials)
}
r := mux.NewRouter()
@ -168,7 +169,7 @@ func main() {
uiHandler := http.StripPrefix("/ui", fsCORS)
if credentials != nil {
r.PathPrefix("/ui/").Handler(handlers.DecorateWithBasicAuth(uiHandler.ServeHTTP, credentials)).Methods(http.MethodGet)
r.PathPrefix("/ui/").Handler(auth.DecorateWithBasicAuth(uiHandler.ServeHTTP, credentials)).Methods(http.MethodGet)
} else {
r.PathPrefix("/ui/").Handler(uiHandler).Methods(http.MethodGet)
}
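Review bot: Basic auth on the system routes and on `/ui/` is applied only inside `if credentials != nil`, so the gateway fails open if `config.UseBasicAuth` is true but `reader.Read()` leaves `credentials` nil. The handling of `readErr` lies outside the visible hunk, so confirm that it aborts start-up rather than logging and continuing. A comment above the decorating block such as `// credentials is non-nil whenever UseBasicAuth is set; a failed Read is fatal` would record that invariant now that the middleware lives in a vendored package. Separately, the Gopkg.lock entry for faas-provider on this page lists packages `"."` and `"types"` but not `"auth"`, which looks inconsistent with the new import and is worth re-checking with `dep ensure`. main's body continues outside these hunks.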


@ -0,0 +1,16 @@
# Binaries for programs and plugins
*.exe
*.dll
*.so
*.dylib
# Test binary, build with `go test -c`
*.test
# Output of the go coverage tool, specifically when used with LiteIDE
*.out
# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
.glide/
faas-backend


@ -0,0 +1,25 @@
FROM golang:1.9.7-alpine
RUN mkdir -p /go/src/github.com/openfaas/faas-provider/
WORKDIR /go/src/github.com/openfaas/faas-provider
COPY vendor vendor
COPY types types
COPY auth auth
COPY serve.go .
RUN go test ./auth/ -v \
&& CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o faas-provider .
FROM alpine:3.7
RUN apk --no-cache add ca-certificates
WORKDIR /root/
EXPOSE 8080
ENV http_proxy ""
ENV https_proxy ""
COPY --from=0 /go/src/github.com/openfaas/faas-provider/faas-provider .
CMD ["./faas-provider]
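Review bot: The final `CMD ["./faas-provider]` is missing its closing quote, so it is not valid exec-form JSON; Docker then treats the line as a shell-form command, which will not start the binary. It should read `CMD ["./faas-provider"]`. The runtime stage also uses `WORKDIR /root/` and never declares a `USER`, so the process runs as root; adding `RUN addgroup -S app && adduser -S app -G app` and `USER app` before `CMD` would limit what a compromised provider can do inside the container. This file appears to arrive through vendoring, so the fix probably belongs upstream in faas-provider.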


@ -0,0 +1,21 @@
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[[projects]]
name = "github.com/gorilla/context"
packages = ["."]
revision = "1ea25387ff6f684839d82767c1733ff4d4d15d0a"
version = "v1.1"
[[projects]]
name = "github.com/gorilla/mux"
packages = ["."]
revision = "7f08801859139f86dfafd1c296e2cba9a80d292e"
version = "v1.6.0"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "22efb1c7d9d2403520db6d9a878b2f1e52741e51425cbda743cfd25f00c84a9b"
solver-name = "gps-cdcl"
solver-version = 1


@ -0,0 +1,7 @@
[prune]
go-tests = true
unused-packages = true
[[constraint]]
name = "github.com/gorilla/mux"
version = "1.6.0"


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2017 Alex Ellis
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,2 @@
build:
docker build -t faas-provider .


@ -0,0 +1,39 @@
faas-provider
==============
This is a common template or interface for you to start building your own OpenFaaS backend.
Checkout the [backends guide here](https://github.com/openfaas/faas/blob/master/guide/backends.md) before starting.
OpenFaaS projects use the MIT License and are written in Golang. We encourage the same for external / third-party providers.
### How to use this code
We will setup all the standard HTTP routes for you, then start listening on a given TCP port - it should be 8080.
Just implement the supplied routes.
For an example checkout the [server.go](https://github.com/openfaas/faas-netes/blob/master/server.go) file in the [faas-netes](https://github.com/openfaas/faas-netes) Kubernetes backend.
I.e.:
```golang
bootstrapHandlers := bootTypes.FaaSHandlers{
FunctionProxy: handlers.MakeProxy(),
DeleteHandler: handlers.MakeDeleteHandler(clientset),
DeployHandler: handlers.MakeDeployHandler(clientset),
FunctionReader: handlers.MakeFunctionReader(clientset),
ReplicaReader: handlers.MakeReplicaReader(clientset),
ReplicaUpdater: handlers.MakeReplicaUpdater(clientset),
InfoHandler: handlers.MakeInfoHandler(),
}
var port int
port = 8080
bootstrapConfig := bootTypes.FaaSConfig{
ReadTimeout: time.Second * 8,
WriteTimeout: time.Second * 8,
TCPPort: &port,
}
bootstrap.Serve(&bootstrapHandlers, &bootstrapConfig)
```


@ -1,16 +1,14 @@
// Copyright (c) OpenFaaS Author(s). All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
package handlers
package auth
import (
"net/http"
"github.com/openfaas/faas/gateway/types"
)
// DecorateWithBasicAuth enforces basic auth as a middleware with given credentials
func DecorateWithBasicAuth(next http.HandlerFunc, credentials *types.BasicAuthCredentials) http.HandlerFunc {
func DecorateWithBasicAuth(next http.HandlerFunc, credentials *BasicAuthCredentials) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, password, ok := r.BasicAuth()


@ -1,15 +1,13 @@
// Copyright (c) OpenFaaS Author(s). All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
package handlers
package auth
import (
"io"
"net/http"
"net/http/httptest"
"testing"
"github.com/openfaas/faas/gateway/types"
)
func Test_AuthWithValidPassword_Gives200(t *testing.T) {
@ -23,7 +21,7 @@ func Test_AuthWithValidPassword_Gives200(t *testing.T) {
wantPassword := "password"
r := httptest.NewRequest(http.MethodGet, "http://localhost:8080", nil)
r.SetBasicAuth(wantUser, wantPassword)
wantCredentials := &types.BasicAuthCredentials{
wantCredentials := &BasicAuthCredentials{
User: wantUser,
Password: wantPassword,
}
@ -52,7 +50,7 @@ func Test_AuthWithInvalidPassword_Gives403(t *testing.T) {
r := httptest.NewRequest(http.MethodGet, "http://localhost:8080", nil)
r.SetBasicAuth(wantUser, wantPassword)
wantCredentials := &types.BasicAuthCredentials{
wantCredentials := &BasicAuthCredentials{
User: wantUser,
Password: "",
}


@ -1,4 +1,7 @@
package types
// Copyright (c) OpenFaaS Author(s). All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
package auth
import (
"fmt"


@ -0,0 +1,63 @@
// Copyright (c) Alex Ellis 2017. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
package bootstrap
import (
"fmt"
"log"
"net/http"
"github.com/gorilla/mux"
"github.com/openfaas/faas-provider/types"
)
var r *mux.Router
// Mark this as a Golang "package"
func init() {
r = mux.NewRouter()
}
// Router gives access to the underlying router for when new routes need to be added.
func Router() *mux.Router {
return r
}
// Serve load your handlers into the correct OpenFaaS route spec. This function is blocking.
func Serve(handlers *types.FaaSHandlers, config *types.FaaSConfig) {
r.HandleFunc("/system/functions", handlers.FunctionReader).Methods("GET")
r.HandleFunc("/system/functions", handlers.DeployHandler).Methods("POST")
r.HandleFunc("/system/functions", handlers.DeleteHandler).Methods("DELETE")
r.HandleFunc("/system/functions", handlers.UpdateHandler).Methods("PUT")
r.HandleFunc("/system/function/{name:[-a-zA-Z_0-9]+}", handlers.ReplicaReader).Methods("GET")
r.HandleFunc("/system/scale-function/{name:[-a-zA-Z_0-9]+}", handlers.ReplicaUpdater).Methods("POST")
r.HandleFunc("/function/{name:[-a-zA-Z_0-9]+}", handlers.FunctionProxy)
r.HandleFunc("/function/{name:[-a-zA-Z_0-9]+}/", handlers.FunctionProxy)
r.HandleFunc("/system/info", handlers.InfoHandler).Methods("GET")
if config.EnableHealth {
r.HandleFunc("/healthz", handlers.Health).Methods("GET")
}
readTimeout := config.ReadTimeout
writeTimeout := config.WriteTimeout
tcpPort := 8080
if config.TCPPort != nil {
tcpPort = *config.TCPPort
}
s := &http.Server{
Addr: fmt.Sprintf(":%d", tcpPort),
ReadTimeout: readTimeout,
WriteTimeout: writeTimeout,
MaxHeaderBytes: http.DefaultMaxHeaderBytes, // 1MB - can be overridden by setting Server.MaxHeaderBytes.
Handler: r,
}
log.Fatal(s.ListenAndServe())
}
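Review bot: `Serve` registers `handlers.UpdateHandler` for PUT unconditionally even though `FaaSHandlers` marks it as optional, so a provider that leaves it nil gets a nil-function call, and therefore a panic per request, on `PUT /system/functions`. Make the route conditional as the health route is, e.g. `if handlers.UpdateHandler != nil { r.HandleFunc("/system/functions", handlers.UpdateHandler).Methods("PUT") }`. The `http.Server` takes `ReadTimeout` and `WriteTimeout` straight from config, where a zero value means no timeout, and sets neither `ReadHeaderTimeout` nor `IdleTimeout`, so slow or idle clients can hold connections open. Applying a default when the configured value is zero would close that gap. None of the routes are wrapped with the basic-auth middleware here, so a provider is presumably expected to sit behind the gateway or decorate its own handlers; a sentence in the `Serve` doc comment saying so would help.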


@ -0,0 +1,29 @@
package types
import (
"net/http"
"time"
)
// FaaSHandlers provide handlers for OpenFaaS
type FaaSHandlers struct {
FunctionReader http.HandlerFunc
DeployHandler http.HandlerFunc
DeleteHandler http.HandlerFunc
ReplicaReader http.HandlerFunc
FunctionProxy http.HandlerFunc
ReplicaUpdater http.HandlerFunc
// Optional: Update an existing function
UpdateHandler http.HandlerFunc
Health http.HandlerFunc
InfoHandler http.HandlerFunc
}
// FaaSConfig set config for HTTP handlers
type FaaSConfig struct {
TCPPort *int
ReadTimeout time.Duration
WriteTimeout time.Duration
EnableHealth bool
}


@ -0,0 +1,22 @@
// Copyright (c) Alex Ellis 2017. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
package types
type ScaleServiceRequest struct {
ServiceName string `json:"serviceName"`
Replicas uint64 `json:"replicas"`
}
// InfoRequest provides information about the underlying provider
type InfoRequest struct {
Provider string `json:"provider"`
Version ProviderVersion `json:"version"`
Orchestration string `json:"orchestration"`
}
// ProviderVersion provides the commit sha and release version number of the underlying provider
type ProviderVersion struct {
SHA string `json:"sha"`
Release string `json:"release"`
}