faas-rs/faas
1
0
Fork 0
mirror of https://github.com/openfaas/faas.git synced 2025-06-09 08:46:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix error handling for ExternalAuth

Browse Source 
This corrects an issue where the error body was being hidden
for the external auth handler. It also adds the ca-certs into
the runtime Docker image for when the gateway is calling an
external plugin exposed over HTTPS.

Tested with OAuth2 plugin.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
This commit is contained in:
Alex Ellis 2019-06-14 19:17:25 +01:00
parent 3b027d3005
commit e3c976a428
3 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
gateway/Dockerfile
View File

@ -33,7 +33,7 @@ RUN license-check -path ./ --verbose=false "Alex Ellis" "OpenFaaS Project" "Open
-X github.com/openfaas/faas/gateway/version.Version=${VERSION}" \ -X github.com/openfaas/faas/gateway/version.Version=${VERSION}" \
-a -installsuffix cgo -o gateway . -a -installsuffix cgo -o gateway .
FROM alpine:3.8 FROM alpine:3.9
LABEL org.label-schema.license="MIT" \ LABEL org.label-schema.license="MIT" \
org.label-schema.vcs-url="https://github.com/openfaas/faas" \ org.label-schema.vcs-url="https://github.com/openfaas/faas" \
@ -43,7 +43,8 @@ LABEL org.label-schema.license="MIT" \
org.label-schema.docker.schema-version="1.0" org.label-schema.docker.schema-version="1.0"
RUN addgroup -S app \ RUN addgroup -S app \
&& adduser -S -g app app && adduser -S -g app app \
&& apk add --no-cache ca-certificates
WORKDIR /home/app WORKDIR /home/app

4
gateway/handlers/external_auth.go
View File

@ -3,6 +3,7 @@ package handlers
import ( import (
"context" "context"
"io" "io"
"log"
"net/http" "net/http"
"time" "time"
) )
@ -22,7 +23,8 @@ func MakeExternalAuthHandler(next http.HandlerFunc, upstreamTimeout time.Duratio
res, err := http.DefaultClient.Do(req.WithContext(deadlineContext)) res, err := http.DefaultClient.Do(req.WithContext(deadlineContext))
if err != nil { if err != nil {
w.WriteHeader(http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
log.Printf("ExternalAuthHandler: %s", err.Error())
return return
} }

5
gateway/handlers/external_auth_test.go
View File

@ -4,6 +4,7 @@ import (
"bytes" "bytes"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"strings"
"testing" "testing"
"time" "time"
) )
@ -206,6 +207,10 @@ func Test_External_Auth_Wrapper_TimeoutGivesInternalServerError(t *testing.T) {
if rr.Code != want { if rr.Code != want {
t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code) t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code)
} }
wantSubstring := "context deadline exceeded\n"
if !strings.HasSuffix(string(rr.Body.Bytes()), wantSubstring) {
t.Errorf("Body incorrect, want to have suffix: %q, but got %q", []byte(wantSubstring), rr.Body)
}
} }
// // Test_External_Auth_Wrapper_PassesValidAuthButOnly200IsValid this test exists // // Test_External_Auth_Wrapper_PassesValidAuthButOnly200IsValid this test exists