- added secret definition and removed types used previously
Remove structs for secrets
- after discussion on PR the core contributors decided we just
want simple CRUD with the Secret type.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This change set downloads the CDN resources for the gateway
and bundles them with the other static resources for the UI.
This is needed for situations where a user does not have access
to the CDN either because of firewall rules or network policy.
The files and versions remain the same, only now loaded locally
with directory paths matching the CDN paths.
Signed-off-by: Burton Rheutan <rheutan7@gmail.com>
- this reinstates the cache to reduce the count of lookups to the
provider when checking if scaling is needed.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- this change is needed for Docker Swarm which may give an error
when several concurrent requests come in to scale a deployment.
Tested on Docker Swarm before/after with the hey tool and figlet
scaled down to zero replicas.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- extracting this package means it can be used in other components
such as the asynchronous nats-queue-worker which may need to
invoke functions which are scaled down to zero replicas.
Ref: https://github.com/openfaas/nats-queue-worker/issues/32
Tested on Docker Swarm for scaling up, already scaled and not
found error.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- as reported on Slack and in issue #931 the gateway scaling code
was scaling to zero replicas as a result of the "proportional
scaling" added by @Templum's PR. This commit added a failing test
which was fixed by adding boundary checking - now if the scaling
amount is "0" we keep the current amount of replicas.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Trivial change to add logging around scale from zero events in scaling.go.
Previously scale from zero events were not logged in the same way that normal
scaling events are. This change adds log writes to show when a scale from zero
was requested and when a function successfully moved to > 0 replicas.
Signed-off-by: Richard Gee <richard@technologee.co.uk>
- Covers part of 919 by making the HTTP client used for proxying
stop following redirects. Tested with a stateless microservice,
but additional code changes may be requierd in the queue-worker,
the watchdogs and other areas.
Tested on Swarm with stateless microservice (Node.js) issuing
a redirect via Location header.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- Removes use of "our" from CONTRIBUTING guide
- Updates/adds README.md files
- Commnents and typo fix in watchdog
- Adds good/bad examples of commit messages
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- updates comments and adds where missing
- updates locks so that unlock is done via defer instead of
at the end of the statement
- extracts timeout variable in two places
- remove makeClient() unused method from metrics package
No-harm changes tested via go build.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Within MakeScalingHandler() there is a call to GetReplicas() which was not returning an error when a non-200 http response was received from /system/function/. The call would also return a populated struct, so the perception was that a function existed an had been scaled to zero. This meant that the function would be added to the function cache and the code would continue into SetReplicas() where an attempt would be made to scale up a non-existent function.
This change amends GetReplicas() so that it will return an error if the gateway returns anything other than a 200 reponse code from the /system/function/ endpoint. This causes MakeScalingHandler() to return earlier with an error indicating that the function could not be found. The cache.Set call is also moved to after the error check so that the cache is only updated to include existent functions.
During investigations as to the cause of #876 tests were added to function_cache to check that Get() is behaving as intended when function exists and when not. Tests are also added to plugin/external to test that GetReplicas() and SetReplicas() are following their intended modes of operation when 200 and non-200 responses are received from the gateway.
Signed-off-by: Richard Gee <richard@technologee.co.uk>
- The path clipping / transforming behaviour must be turned-off
when we are not using direct_functions as is used in
faas-nomad and faas-ecs. This will need a change in each provider
to strip paths, but fixes a 404 error these users will see if they
upgrade to 0.9.2 or newer. 0.9.3 will have a this fix meaning
the whole un-edited path is passed to the provider when
direct_functions is set to false.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- remove http client host override fix#847
- X-Forwarded-For and X-Forwarded-Host are usually handled by the ingress
controller, if those headers are not set then the gateway will create them
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit adds basic authentication for `/system/async-report`
endpoint.
It also adds basic-auth secrets to `queue-worker` service which will be
used for gateway calls to `/system/async-report`.
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
The basic-auth middleware and credentials-loading code has been
moved into the faas-provider project. This has now been brought
back into the faas project via vendoring.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Code-review/refactoring for #843. Closes#843.
FaaSHandlers has had info and query handlers added to its list
of types for consistency.
Secrets added to queue-worker component ready for next PR.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This changeset enables passing the basic auth credentials
to all /system/ calls to allow upstream providers to
perform authorization checks independent of the gateway.
This is essential for some providers, like Swarm, where
the system is accessible on the same network, and not
protected via the gateway
Signed-off-by: Burton Rheutan <rheutan7@gmail.com>
This was altered to "alexellis" for building a testing image,
but shouldn't have been pushed. Reverting.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This reviews the code and fixes up suggestions made by team for
the HTTP paths PR #789.
- Removed feature-flag (this is backwards-compatible, so I see
no value in adding the flag)
- There was a URL transform happening for calls proxied to the
back end, I changed this for the nil-transform - i.e. it does not
change anything in the URL
- Introduced variables to describe the regex indicies used in
the URL trimming.
Tested with Docker Swarm with a ruby-microservice, with
system calls and with function calls using the UI.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Previously, only the query string of the URL was passed through the Gateway.
With this change, the entire path requested by the client is passed through as well as the query string.
While fwatchdog already supported passing the path through, in practice this would not happen
since the Gateway would have swallowed it before forwarding the request to the watchdog.
With this change, the path portion after the function name is added to the Http_Path environment
variable, provided that cgiHeaders are enabled. This is similar to the of-watchdog equivalent.
Signed-off-by: Thomas E Lackey <telackey@bozemanpass.com>
