This changeset enables passing the basic auth credentials
to all /system/ calls to allow upstream providers to
perform authorization checks independent of the gateway.
This is essential for some providers, like Swarm, where
the system is accessible on the same network, and not
protected via the gateway
Signed-off-by: Burton Rheutan <rheutan7@gmail.com>
This was altered to "alexellis" for building a testing image,
but shouldn't have been pushed. Reverting.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This reviews the code and fixes up suggestions made by team for
the HTTP paths PR #789.
- Removed feature-flag (this is backwards-compatible, so I see
no value in adding the flag)
- There was a URL transform happening for calls proxied to the
back end, I changed this for the nil-transform - i.e. it does not
change anything in the URL
- Introduced variables to describe the regex indicies used in
the URL trimming.
Tested with Docker Swarm with a ruby-microservice, with
system calls and with function calls using the UI.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Previously, only the query string of the URL was passed through the Gateway.
With this change, the entire path requested by the client is passed through as well as the query string.
While fwatchdog already supported passing the path through, in practice this would not happen
since the Gateway would have swallowed it before forwarding the request to the watchdog.
With this change, the path portion after the function name is added to the Http_Path environment
variable, provided that cgiHeaders are enabled. This is similar to the of-watchdog equivalent.
Signed-off-by: Thomas E Lackey <telackey@bozemanpass.com>
This change exposes the gateway metrics with an exporter which
implements the Collector interface of prometheus.
This change Fixes#697
Signed-off-by: Ken Fukuyama <kenfdev@gmail.com>
This minor fix selects the 'Download' radio button by default if the
function has a label with `com.openfaas.ui.ext`.
Closes#827
Signed-off-by: Ken Fukuyama <kenfdev@gmail.com>
Add Host field to the queue.Request struct and copy it from Host field
of the HTTP request when converting HTTP request to queue.Request in
MakeQueuedProxy function.
Signed-off-by: Dmitri Rubinstein <dmitri.rubinstein@googlemail.com>
Host HTTP header was not propagated to the function because it is not
a part of http.Request.Header map.
Signed-off-by: Dmitri Rubinstein <dmitri.rubinstein@googlemail.com>
- exposes scale-function endpoint for use with faas-idler, this
is protected by auth when enabled.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
1. Add new annotation attributes which may be used
by the back-end for making scheduling or routing decisions.
2. Updated tests/README.md to give clearer instructions on creating and
tearing down the stack required to run the integration tests
3. Update ci.sh
* Fail as soon as an error is encountered
* Allow script to run locally in development environment, test if repos
are already cloned etc..
* Deploy ./stack.yml used by existing integration tests
Signed-off-by: Edward Wilde <ewilde@gmail.com>
Existing code has been used for scaling up and querying replicas.
This meant the new code was deleted and there is less duplication
now.
The cache store a whole query response rather than just the
available replica count and the tests were updated. This has been
tested with Docker swarm and the image:
openfaas/gateway:scale-17-07-2018
This feature now needs the env-var of scale_from_zero to be enabled
in order to turn on the scaling behaviour.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This disables the scaling proxy by default since it is not the
default user-experience and is still under refinement.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This change allows functions to be "idled" or scaled to zero
replicas and then be invoked later on. There is a penalty to
scaling up - the API gateway proxy will block until the function
is ready.
A cache is included to off-set the calls to upstream API to check
on readiness along with unit tests.
Testing via scaling to zero replicas and then invoking function.
On Swarm I observed 3 seconds on an Intel Nuc i5 for scaling back
from zero replicas.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Adds flag to denote root-filesystem should be made read-only.
Needed for downstream work and re-vendoring in faas-swarm/faas-
netes and openfaas-operator.
Closes#723
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Updated gateway to accept 202 as valid response code for
/system/scale-function/<function> along with 200.
Fixes: #faas-netes/245
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
This change adds a function URL field to the UI and a 'copy to
clipboard' button next to it. If the browser does not support the copy
command, the copy icon will be hidden.
Signed-off-by: Ken Fukuyama <kenfdev@gmail.com>
From Project to Author(s) for the catch-all. This file has my
copyright which is retained through the catch-all statement.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
1. Use httptest.ResponseRecorder instead of custom implementation
StringResponseWriter.
2. Remove verbose log line in infohandler
Signed-off-by: Edward Wilde <ewilde@gmail.com>
This commit reverts the changes done in #738 to update the default
secret mount path to `/run/secrets/`
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
This changes updates the secret mount path default value to
/var/openfaas/secrets at serveral places. It has been changed
from /run/secrets/ to /var/openfaas/secrets after version 0.8.2
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
This package version supports running OpenFaas on hosts the contain `.`
in their hostname i.e. computer-a.acme.com
Signed-off-by: Edward Wilde <ewilde@gmail.com>
**What**
- When determining the service name of the function, remove any trailing
slashes, the slashes are not allowed in service names for either Swarm
or K8S, so this can only be a left over from the url path
**Why**
- This was preventing service resolution, and hence failed functions,
when the function was called with a trailing slash
Fixes#714
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
Issue #660 has been open for a while to update to 1.9.6, this
performs the update to the latest in the 1.9 release (1.9.7)
Signed-off-by: Sean Smith <sean@wwsean08.com>
This change enables secrets to be read from any mount on disk
rather than hard-coding a certain location which suits Swarm or
K8s. The default value if not specified will look in the Swarm
location of /run/secrets/
README.md (docs) updated and set to off by default.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Fixes https://github.com/openfaas/faas/issues/687 allowing the
gateway to handle the responsibility of basic auth for when it is
in use.
To enable set basic_auth env-var to true and then mount two
secrets or plaintext files under /var/secrets/
basic_auth_user, basic_auth_password
Tested with faas-cli list/deploy and with Safari browser.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- Added padding to the "You need JavaScript page"
- Added padding to the "You need JavaScript page" - Added info about the CLI tthe "You need JavaScript" page
- Added a message for people who don't have JavaScript enabled
Signed-off-by: Rillian Grant <rillian.grant@hotmail.com>
Adds a more informative screen when a function is not selected
or when there are no functions to select from.
Provides a button to deploy a new function
and more information on how to deploy using
faas-cli.
Signed-off-by: ovation22 <john@1north.com>
Previous PR from Simon or Ken broke build due to missing gofmt
in the PR. This PR applies it to resolve the build issue.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
