mirror of
https://github.com/openfaas/faas.git
synced 2025-06-23 15:23:29 +00:00
Bump queue-worker and NATS
NATS moved its primary library to: github.com/nats-io/stan.go This commit synchronises the library in the gateway to match the queue worker. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This commit is contained in:
Alex Ellis (OpenFaaS Ltd)
committed by
Alex Ellis
Alex Ellis
parent
542d7c0b83
commit
9bde25aedb
151
gateway/vendor/github.com/nats-io/jwt/imports.go
generated
vendored
Normal file
151
gateway/vendor/github.com/nats-io/jwt/imports.go
generated
vendored
Normal file
@ -0,0 +1,151 @@
|
||||
/*
|
||||
* Copyright 2018-2019 The NATS Authors
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package jwt
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Import describes a mapping from another account into this one
|
||||
type Import struct {
|
||||
Name string `json:"name,omitempty"`
|
||||
// Subject field in an import is always from the perspective of the
|
||||
// initial publisher - in the case of a stream it is the account owning
|
||||
// the stream (the exporter), and in the case of a service it is the
|
||||
// account making the request (the importer).
|
||||
Subject Subject `json:"subject,omitempty"`
|
||||
Account string `json:"account,omitempty"`
|
||||
Token string `json:"token,omitempty"`
|
||||
// To field in an import is always from the perspective of the subscriber
|
||||
// in the case of a stream it is the client of the stream (the importer),
|
||||
// from the perspective of a service, it is the subscription waiting for
|
||||
// requests (the exporter). If the field is empty, it will default to the
|
||||
// value in the Subject field.
|
||||
To Subject `json:"to,omitempty"`
|
||||
Type ExportType `json:"type,omitempty"`
|
||||
}
|
||||
|
||||
// IsService returns true if the import is of type service
|
||||
func (i *Import) IsService() bool {
|
||||
return i.Type == Service
|
||||
}
|
||||
|
||||
// IsStream returns true if the import is of type stream
|
||||
func (i *Import) IsStream() bool {
|
||||
return i.Type == Stream
|
||||
}
|
||||
|
||||
// Validate checks if an import is valid for the wrapping account
|
||||
func (i *Import) Validate(actPubKey string, vr *ValidationResults) {
|
||||
if !i.IsService() && !i.IsStream() {
|
||||
vr.AddError("invalid import type: %q", i.Type)
|
||||
}
|
||||
|
||||
if i.Account == "" {
|
||||
vr.AddWarning("account to import from is not specified")
|
||||
}
|
||||
|
||||
i.Subject.Validate(vr)
|
||||
|
||||
if i.IsService() && i.Subject.HasWildCards() {
|
||||
vr.AddError("services cannot have wildcard subject: %q", i.Subject)
|
||||
}
|
||||
if i.IsStream() && i.To.HasWildCards() {
|
||||
vr.AddError("streams cannot have wildcard to subject: %q", i.Subject)
|
||||
}
|
||||
|
||||
var act *ActivationClaims
|
||||
|
||||
if i.Token != "" {
|
||||
// Check to see if its an embedded JWT or a URL.
|
||||
if url, err := url.Parse(i.Token); err == nil && url.Scheme != "" {
|
||||
c := &http.Client{Timeout: 5 * time.Second}
|
||||
resp, err := c.Get(url.String())
|
||||
if err != nil {
|
||||
vr.AddWarning("import %s contains an unreachable token URL %q", i.Subject, i.Token)
|
||||
}
|
||||
|
||||
if resp != nil {
|
||||
defer resp.Body.Close()
|
||||
body, err := ioutil.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
vr.AddWarning("import %s contains an unreadable token URL %q", i.Subject, i.Token)
|
||||
} else {
|
||||
act, err = DecodeActivationClaims(string(body))
|
||||
if err != nil {
|
||||
vr.AddWarning("import %s contains a url %q with an invalid activation token", i.Subject, i.Token)
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
var err error
|
||||
act, err = DecodeActivationClaims(i.Token)
|
||||
if err != nil {
|
||||
vr.AddWarning("import %q contains an invalid activation token", i.Subject)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if act != nil {
|
||||
if act.Issuer != i.Account {
|
||||
vr.AddWarning("activation token doesn't match account for import %q", i.Subject)
|
||||
}
|
||||
|
||||
if act.ClaimsData.Subject != actPubKey {
|
||||
vr.AddWarning("activation token doesn't match account it is being included in, %q", i.Subject)
|
||||
}
|
||||
} else {
|
||||
vr.AddWarning("no activation provided for import %s", i.Subject)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Imports is a list of import structs
|
||||
type Imports []*Import
|
||||
|
||||
// Validate checks if an import is valid for the wrapping account
|
||||
func (i *Imports) Validate(acctPubKey string, vr *ValidationResults) {
|
||||
toSet := make(map[Subject]bool, len(*i))
|
||||
for _, v := range *i {
|
||||
if v.Type == Service {
|
||||
if _, ok := toSet[v.To]; ok {
|
||||
vr.AddError("Duplicate To subjects for %q", v.To)
|
||||
}
|
||||
toSet[v.To] = true
|
||||
}
|
||||
v.Validate(acctPubKey, vr)
|
||||
}
|
||||
}
|
||||
|
||||
// Add is a simple way to add imports
|
||||
func (i *Imports) Add(a ...*Import) {
|
||||
*i = append(*i, a...)
|
||||
}
|
||||
|
||||
func (i Imports) Len() int {
|
||||
return len(i)
|
||||
}
|
||||
|
||||
func (i Imports) Swap(j, k int) {
|
||||
i[j], i[k] = i[k], i[j]
|
||||
}
|
||||
|
||||
func (i Imports) Less(j, k int) bool {
|
||||
return i[j].Subject < i[k].Subject
|
||||
}
|
||||
Reference in New Issue
Block a user