From e3c976a428038ea5a7cf9c403623896d808aca5a Mon Sep 17 00:00:00 2001 From: Alex Ellis Date: Fri, 14 Jun 2019 19:17:25 +0100 Subject: [PATCH] Fix error handling for ExternalAuth This corrects an issue where the error body was being hidden for the external auth handler. It also adds the ca-certs into the runtime Docker image for when the gateway is calling an external plugin exposed over HTTPS. Tested with OAuth2 plugin. Signed-off-by: Alex Ellis --- gateway/Dockerfile | 5 +++-- gateway/handlers/external_auth.go | 4 +++- gateway/handlers/external_auth_test.go | 5 +++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/gateway/Dockerfile b/gateway/Dockerfile index c5cc647c..497113aa 100644 --- a/gateway/Dockerfile +++ b/gateway/Dockerfile @@ -33,7 +33,7 @@ RUN license-check -path ./ --verbose=false "Alex Ellis" "OpenFaaS Project" "Open -X github.com/openfaas/faas/gateway/version.Version=${VERSION}" \ -a -installsuffix cgo -o gateway . -FROM alpine:3.8 +FROM alpine:3.9 LABEL org.label-schema.license="MIT" \ org.label-schema.vcs-url="https://github.com/openfaas/faas" \ @@ -43,7 +43,8 @@ LABEL org.label-schema.license="MIT" \ org.label-schema.docker.schema-version="1.0" RUN addgroup -S app \ - && adduser -S -g app app + && adduser -S -g app app \ + && apk add --no-cache ca-certificates WORKDIR /home/app diff --git a/gateway/handlers/external_auth.go b/gateway/handlers/external_auth.go index cf433ae4..47dcf3c8 100644 --- a/gateway/handlers/external_auth.go +++ b/gateway/handlers/external_auth.go @@ -3,6 +3,7 @@ package handlers import ( "context" "io" + "log" "net/http" "time" ) @@ -22,7 +23,8 @@ func MakeExternalAuthHandler(next http.HandlerFunc, upstreamTimeout time.Duratio res, err := http.DefaultClient.Do(req.WithContext(deadlineContext)) if err != nil { - w.WriteHeader(http.StatusInternalServerError) + http.Error(w, err.Error(), http.StatusInternalServerError) + log.Printf("ExternalAuthHandler: %s", err.Error()) return } diff --git a/gateway/handlers/external_auth_test.go b/gateway/handlers/external_auth_test.go index a4237f53..f507e7b3 100644 --- a/gateway/handlers/external_auth_test.go +++ b/gateway/handlers/external_auth_test.go @@ -4,6 +4,7 @@ import ( "bytes" "net/http" "net/http/httptest" + "strings" "testing" "time" ) @@ -206,6 +207,10 @@ func Test_External_Auth_Wrapper_TimeoutGivesInternalServerError(t *testing.T) { if rr.Code != want { t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code) } + wantSubstring := "context deadline exceeded\n" + if !strings.HasSuffix(string(rr.Body.Bytes()), wantSubstring) { + t.Errorf("Body incorrect, want to have suffix: %q, but got %q", []byte(wantSubstring), rr.Body) + } } // // Test_External_Auth_Wrapper_PassesValidAuthButOnly200IsValid this test exists