faas-rs/faasd
1
0
Fork 0
mirror of https://github.com/openfaas/faasd.git synced 2025-06-08 16:06:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Copy headers in both directions in proxy

Browse Source 
* Issue was detected whilst testing 0.4.0 from @Waterdrips which
added basic auth, but the header was not being propagated.
* This code is tested in OpenFaaS already, but unit tests will
be added retrospectively.
* Proxy now reads the gateway URL via a channel instead of from
a file to make unit testing easier.

Basic auth now works as expected with faas-cli login / list.

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This commit is contained in:
Alex Ellis (OpenFaaS Ltd) 2019-12-31 17:34:54 +00:00 committed by Alex Ellis
parent 17845457e2
commit d785bebf4c
3 changed files with 74 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
cmd/up.go
View File

@ -2,16 +2,18 @@ package cmd
import ( import (
"fmt" "fmt"
"github.com/pkg/errors"
"io/ioutil" "io/ioutil"
"log" "log"
"os" "os"
"os/signal" "os/signal"
"path" "path"
"strings"
"sync" "sync"
"syscall" "syscall"
"time" "time"
"github.com/pkg/errors"
"github.com/alexellis/faasd/pkg" "github.com/alexellis/faasd/pkg"
"github.com/alexellis/k3sup/pkg/env" "github.com/alexellis/k3sup/pkg/env"
"github.com/sethvargo/go-password/password" "github.com/sethvargo/go-password/password"
@ -94,10 +96,30 @@ func runUp(_ *cobra.Command, _ []string) error {
}) })
}() }()
gatewayURLChan := make(chan string, 1)
proxy := pkg.NewProxy(timeout)
go proxy.Start(gatewayURLChan)
go func() { go func() {
wd, _ := os.Getwd() wd, _ := os.Getwd()
proxy := pkg.NewProxy(path.Join(wd, "hosts"), timeout)
proxy.Start() time.Sleep(3 * time.Second)
fileData, fileErr := ioutil.ReadFile(path.Join(wd, "hosts"))
if fileErr != nil {
log.Println(fileErr)
return
}
host := ""
lines := strings.Split(string(fileData), "\n")
for _, line := range lines {
if strings.Index(line, "gateway") > -1 {
host = line[:strings.Index(line, "\t")]
}
}
log.Printf("[up] Sending %s to proxy\n", host)
gatewayURLChan <- host
close(gatewayURLChan)
}() }()
wg.Wait() wg.Wait()
@ -130,10 +152,10 @@ func makeBasicAuthFiles() error {
func makeFile(filePath, fileContents string) error { func makeFile(filePath, fileContents string) error {
_, err := os.Stat(filePath) _, err := os.Stat(filePath)
if err == nil { if err == nil {
log.Printf("File exists: %q, Using data from this file",filePath) log.Printf("File exists: %q\n", filePath)
return nil return nil
} else if os.IsNotExist(err) { } else if os.IsNotExist(err) {
log.Printf("Writing file: %q", filePath) log.Printf("Writing to: %q\n", filePath)
return ioutil.WriteFile(filePath, []byte(fileContents), 0644) return ioutil.WriteFile(filePath, []byte(fileContents), 0644)
} else { } else {
return err return err
@ -143,12 +165,12 @@ func makeFile(filePath, fileContents string) error {
func makeServiceDefinitions(archSuffix string) []pkg.Service { func makeServiceDefinitions(archSuffix string) []pkg.Service {
wd, _ := os.Getwd() wd, _ := os.Getwd()
secretMountDir := "/run/secrets/" secretMountDir := "/run/secrets"
return []pkg.Service{ return []pkg.Service{
pkg.Service{ pkg.Service{
Name: "basic-auth-plugin", Name: "basic-auth-plugin",
Image: "docker.io/openfaas/basic-auth-plugin:0.18.10" + archSuffix, Image: "docker.io/openfaas/basic-auth-plugin:0.18.10" + archSuffix,
Env: []string{ Env: []string{
"port=8080", "port=8080",
"secret_mount_path=" + secretMountDir, "secret_mount_path=" + secretMountDir,
@ -157,16 +179,16 @@ func makeServiceDefinitions(archSuffix string) []pkg.Service {
}, },
Mounts: []pkg.Mount{ Mounts: []pkg.Mount{
pkg.Mount{ pkg.Mount{
Src:path.Join(wd, "/basic-auth-password"), Src: path.Join(wd, "basic-auth-password"),
Dest:secretMountDir + "basic-auth-password", Dest: path.Join(secretMountDir, "basic-auth-password"),
}, },
pkg.Mount{ pkg.Mount{
Src: path.Join(wd, "/basic-auth-user"), Src: path.Join(wd, "basic-auth-user"),
Dest: secretMountDir + "basic-auth-user", Dest: path.Join(secretMountDir, "basic-auth-user"),
}, },
}, },
Caps: []string{"CAP_NET_RAW"}, Caps: []string{"CAP_NET_RAW"},
Args: nil, Args: nil,
}, },
pkg.Service{ pkg.Service{
Name: "nats", Name: "nats",
@ -202,18 +224,18 @@ func makeServiceDefinitions(archSuffix string) []pkg.Service {
"auth_proxy_pass_body=false", "auth_proxy_pass_body=false",
"secret_mount_path=" + secretMountDir, "secret_mount_path=" + secretMountDir,
}, },
Image: "docker.io/openfaas/gateway:0.18.8" + archSuffix, Image: "docker.io/openfaas/gateway:0.18.8" + archSuffix,
Mounts: []pkg.Mount{ Mounts: []pkg.Mount{
pkg.Mount{ pkg.Mount{
Src:path.Join(wd, "/basic-auth-password"), Src: path.Join(wd, "basic-auth-password"),
Dest:secretMountDir + "basic-auth-password", Dest: path.Join(secretMountDir, "basic-auth-password"),
}, },
pkg.Mount{ pkg.Mount{
Src: path.Join(wd, "/basic-auth-user"), Src: path.Join(wd, "basic-auth-user"),
Dest: secretMountDir + "basic-auth-user", Dest: path.Join(secretMountDir, "basic-auth-user"),
}, },
}, },
Caps: []string{"CAP_NET_RAW"}, Caps: []string{"CAP_NET_RAW"},
}, },
pkg.Service{ pkg.Service{
Name: "queue-worker", Name: "queue-worker",
@ -228,18 +250,18 @@ func makeServiceDefinitions(archSuffix string) []pkg.Service {
"basic_auth=true", "basic_auth=true",
"secret_mount_path=" + secretMountDir, "secret_mount_path=" + secretMountDir,
}, },
Image: "docker.io/openfaas/queue-worker:0.9.0", Image: "docker.io/openfaas/queue-worker:0.9.0",
Mounts: []pkg.Mount{ Mounts: []pkg.Mount{
pkg.Mount{ pkg.Mount{
Src:path.Join(wd, "/basic-auth-password"), Src: path.Join(wd, "basic-auth-password"),
Dest:secretMountDir + "basic-auth-password", Dest: path.Join(secretMountDir, "basic-auth-password"),
}, },
pkg.Mount{ pkg.Mount{
Src: path.Join(wd, "/basic-auth-user"), Src: path.Join(wd, "basic-auth-user"),
Dest: secretMountDir + "basic-auth-user", Dest: path.Join(secretMountDir, "basic-auth-user"),
}, },
}, },
Caps: []string{"CAP_NET_RAW"}, Caps: []string{"CAP_NET_RAW"},
}, },
} }
} }

37
pkg/proxy.go
View File

@ -6,48 +6,36 @@ import (
"io/ioutil" "io/ioutil"
"log" "log"
"net/http" "net/http"
"strings"
"time" "time"
) )
func NewProxy(hosts string, timeout time.Duration) *Proxy { func NewProxy(timeout time.Duration) *Proxy {
return &Proxy{ return &Proxy{
Hosts: hosts,
Timeout: timeout, Timeout: timeout,
} }
} }
type Proxy struct { type Proxy struct {
Hosts string
Timeout time.Duration Timeout time.Duration
} }
func (p *Proxy) Start() error { func (p *Proxy) Start(gatewayChan chan string) error {
tcp := 8080 tcp := 8080
http.DefaultClient.CheckRedirect = func(req *http.Request, via []*http.Request) error { http.DefaultClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
return http.ErrUseLastResponse return http.ErrUseLastResponse
} }
time.Sleep(3 * time.Second)
log.Printf("Starting faasd proxy on %d\n", tcp)
data := struct{ host string }{ data := struct{ host string }{
host: "", host: "",
} }
fileData, fileErr := ioutil.ReadFile(p.Hosts) data.host = <-gatewayChan
if fileErr != nil {
return fileErr log.Printf("Starting faasd proxy on %d\n", tcp)
}
lines := strings.Split(string(fileData), "\n")
for _, line := range lines {
if strings.Index(line, "gateway") > -1 {
data.host = line[:strings.Index(line, "\t")]
}
}
fmt.Printf("Gateway: %s\n", data.host) fmt.Printf("Gateway: %s\n", data.host)
s := &http.Server{ s := &http.Server{
@ -72,6 +60,8 @@ func (p *Proxy) Start() error {
wrapper := ioutil.NopCloser(r.Body) wrapper := ioutil.NopCloser(r.Body)
upReq, upErr := http.NewRequest(r.Method, upstream, wrapper) upReq, upErr := http.NewRequest(r.Method, upstream, wrapper)
copyHeaders(upReq.Header, &r.Header)
if upErr != nil { if upErr != nil {
log.Println(upErr) log.Println(upErr)
@ -88,9 +78,7 @@ func (p *Proxy) Start() error {
return return
} }
for k, v := range upRes.Header { copyHeaders(w.Header(), &upRes.Header)
w.Header().Set(k, v[0])
}
w.WriteHeader(upRes.StatusCode) w.WriteHeader(upRes.StatusCode)
io.Copy(w, upRes.Body) io.Copy(w, upRes.Body)
@ -100,3 +88,12 @@ func (p *Proxy) Start() error {
return s.ListenAndServe() return s.ListenAndServe()
} }
// copyHeaders clones the header values from the source into the destination.
func copyHeaders(destination http.Header, source *http.Header) {
for k, v := range *source {
vClone := make([]string, len(v))
copy(vClone, v)
destination[k] = vClone
}
}

18
pkg/supervisor.go
View File

@ -153,7 +153,7 @@ func (s *Supervisor) Start(svcs []Service) error {
) )
if containerCreateErr != nil { if containerCreateErr != nil {
log.Println(containerCreateErr) log.Printf("Error creating container %s\n", containerCreateErr)
return containerCreateErr return containerCreateErr
} }
@ -161,7 +161,7 @@ func (s *Supervisor) Start(svcs []Service) error {
task, err := newContainer.NewTask(ctx, cio.NewCreator(cio.WithStdio)) task, err := newContainer.NewTask(ctx, cio.NewCreator(cio.WithStdio))
if err != nil { if err != nil {
log.Println(err) log.Printf("Error creating task: %s\n", err)
return err return err
} }
@ -175,19 +175,21 @@ func (s *Supervisor) Start(svcs []Service) error {
writeErr := ioutil.WriteFile("hosts", hosts, 0644) writeErr := ioutil.WriteFile("hosts", hosts, 0644)
if writeErr != nil { if writeErr != nil {
log.Println("Error writing hosts file") log.Printf("Error writing file %s %s\n", "hosts", writeErr)
} }
// os.Chown("hosts", 101, 101) // os.Chown("hosts", 101, 101)
exitStatusC, err := task.Wait(ctx) _, err = task.Wait(ctx)
if err != nil { if err != nil {
log.Println(err) log.Printf("Wait err: %s\n", err)
return err return err
} }
log.Println("Exited: ", exitStatusC)
if err := task.Start(ctx); err != nil { log.Printf("Task: %s\tContainer: %s\n", task.ID(), newContainer.ID())
log.Println("Task err: ", err) // log.Println("Exited: ", exitStatusC)
if err = task.Start(ctx); err != nil {
log.Printf("Task err: %s\n", err)
return err return err
} }
} }