- The path clipping / transforming behaviour must be turned-off
when we are not using direct_functions as is used in
faas-nomad and faas-ecs. This will need a change in each provider
to strip paths, but fixes a 404 error these users will see if they
upgrade to 0.9.2 or newer. 0.9.3 will have a this fix meaning
the whole un-edited path is passed to the provider when
direct_functions is set to false.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- remove http client host override fix#847
- X-Forwarded-For and X-Forwarded-Host are usually handled by the ingress
controller, if those headers are not set then the gateway will create them
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
The basic-auth middleware and credentials-loading code has been
moved into the faas-provider project. This has now been brought
back into the faas project via vendoring.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This reviews the code and fixes up suggestions made by team for
the HTTP paths PR #789.
- Removed feature-flag (this is backwards-compatible, so I see
no value in adding the flag)
- There was a URL transform happening for calls proxied to the
back end, I changed this for the nil-transform - i.e. it does not
change anything in the URL
- Introduced variables to describe the regex indicies used in
the URL trimming.
Tested with Docker Swarm with a ruby-microservice, with
system calls and with function calls using the UI.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Previously, only the query string of the URL was passed through the Gateway.
With this change, the entire path requested by the client is passed through as well as the query string.
While fwatchdog already supported passing the path through, in practice this would not happen
since the Gateway would have swallowed it before forwarding the request to the watchdog.
With this change, the path portion after the function name is added to the Http_Path environment
variable, provided that cgiHeaders are enabled. This is similar to the of-watchdog equivalent.
Signed-off-by: Thomas E Lackey <telackey@bozemanpass.com>
Add Host field to the queue.Request struct and copy it from Host field
of the HTTP request when converting HTTP request to queue.Request in
MakeQueuedProxy function.
Signed-off-by: Dmitri Rubinstein <dmitri.rubinstein@googlemail.com>
Host HTTP header was not propagated to the function because it is not
a part of http.Request.Header map.
Signed-off-by: Dmitri Rubinstein <dmitri.rubinstein@googlemail.com>
Existing code has been used for scaling up and querying replicas.
This meant the new code was deleted and there is less duplication
now.
The cache store a whole query response rather than just the
available replica count and the tests were updated. This has been
tested with Docker swarm and the image:
openfaas/gateway:scale-17-07-2018
This feature now needs the env-var of scale_from_zero to be enabled
in order to turn on the scaling behaviour.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This change allows functions to be "idled" or scaled to zero
replicas and then be invoked later on. There is a penalty to
scaling up - the API gateway proxy will block until the function
is ready.
A cache is included to off-set the calls to upstream API to check
on readiness along with unit tests.
Testing via scaling to zero replicas and then invoking function.
On Swarm I observed 3 seconds on an Intel Nuc i5 for scaling back
from zero replicas.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
1. Use httptest.ResponseRecorder instead of custom implementation
StringResponseWriter.
2. Remove verbose log line in infohandler
Signed-off-by: Edward Wilde <ewilde@gmail.com>
**What**
- When determining the service name of the function, remove any trailing
slashes, the slashes are not allowed in service names for either Swarm
or K8S, so this can only be a left over from the url path
**Why**
- This was preventing service resolution, and hence failed functions,
when the function was called with a trailing slash
Fixes#714
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
This change enables secrets to be read from any mount on disk
rather than hard-coding a certain location which suits Swarm or
K8s. The default value if not specified will look in the Swarm
location of /run/secrets/
README.md (docs) updated and set to off by default.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Fixes https://github.com/openfaas/faas/issues/687 allowing the
gateway to handle the responsibility of basic auth for when it is
in use.
To enable set basic_auth env-var to true and then mount two
secrets or plaintext files under /var/secrets/
basic_auth_user, basic_auth_password
Tested with faas-cli list/deploy and with Safari browser.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Previous PR from Simon or Ken broke build due to missing gofmt
in the PR. This PR applies it to resolve the build issue.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Introduced an new label to set the scaling factor that is used to calculate th proportions, setting it to 0 also allows to disable scaling.
Updated the tests to reflect the changes and added a new test which shows that setting the scaling factor to 0 indeed does disable scaling.
Ensured that the scaling factor is always between [0 and 100].
Signed-off-by: Simon Pelczer <templum.dev@gmail.com>
The unit tests were inside the `gateway/tests` directory which had no
effect to the coverage for `go test`. Therefore, moved the tests inside
the same directory as the test target.
Signed-off-by: Ken Fukuyama <kenfdev@gmail.com>
Proxy body was being passed correctly due to placement of defer
statement. This has been moved into outer scope to resolve issue.
Tested with new e2e tests in certifier component.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
HTTP proxy was not passing query-string upstream. This change
reinstates the behaviour through TDD - adding test coverage and
automated regression testing.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This commit replaces occurences of http method strings with the
corresponding consts from the http package.
*Note* UPDATE is not strictly speaking a valid method and as such isn't
part of the http package (should be a PUT or PATCH?)
Signed-off-by: John McCabe <john@johnmccabe.net>
Adds a pair of configuration options for performance tuning. The
gateway can now invoke functions directly and can bypass the
provider. See updated table in README.md for configuration values.
BaseURLResolver is added with unit tests that decouples resolving
upstream URL from the reverse proxy client code.
- SingleHostBaseURLResolver resolves a single upstream host
- FunctionAsHostBaseURLResolver resolves host based upon conventions
within the URL of the request to a function for direct access
Tested with Kubernetes (faas-netes) and faas-swarm through UI, CLI
calling system endpoints and functions directly.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
**What**
- Add a description for the secret key to the api swagger spec.
- Remove optional examples from the secret management guide.
- Update the ApiKeyProtected README to point at the new guide.
- Refactor the `makeSpec` function to accept the already assembled secrets
array because this should be easier to unit test.
Signed-off-by: Lucas Roesler <lucas.roesler@gmail.com>
**What**
- Add the ability to specify secrets as a csv
- Vendor the docker/cli/opts
- Update the guide for secrets to use the `faas-cli`
**Why**
- Allowing the csv specification of secrets gives users more control about how
those secrets are mounted into the container. This is good for things like
key rotation and for developers that are building on top of OpenFaaS.
Signed-off-by: Lucas Roesler <lucas.roesler@gmail.com>
**What**
- During function creation, accept an array of strings defining swarm secrets
that are required for the service
- Update docs
- Add new guide on using the secrets capability
- Add new sample function to highlight using environment variables
- Update `ApiKeyProtected` sample function to utilize the new secrets
capabilities
**Why**
- This allows secrets to remain encrypted at rest instead of being unencrypted
in environment variables and yaml files.
Fixes#285
Signed-off-by: Lucas Roesler <lucas.roesler@gmail.com>
