Add auth for gateway calls to /system/async-report

[viveksyngh]

This commit adds basic authenctication for the gateway to report metrics of the function when it is called asynchronously.

Signed-off-by: Vivek Singh vivekkmr45@yahoo.in

Description

Motivation and Context

• [x] I have raised an issue to propose this change (required)

Fixes: #35

How Has This Been Tested?

I have tested on Docker for Mac with OpenFaaS Deployed on Docker swarm

Testcase-1: Positive case with authentication enabled

1. Deploy OpenFaaS with authetication enabled with developemt gateway
2. Deployed development queue-worker service

Output:

func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | Request for figlet.
func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | [#2] Received on [faas-request]: 'sequence:5 subject:"faas-request" data:"{\"Header\":{\"Accept-Encoding\":[\"gzip\"],\"Authorization\":[\"Basic YWRtaW46ZTY2Zjc2ZDc4ZmE5ZDU2ODk5NzZhYjVhNzJiYmFiMDFmZjBkZjEzMTM3OGVhMzE3NTgxMDc3OWE4ZjA0MzA3NA==\"],\"Content-Length\":[\"6\"],\"Content-Type\":[\"text/plain\"],\"User-Agent\":[\"Go-http-client/1.1\"],\"X-Call-Id\":[\"e3731439-e872-48fd-ad52-23f76cdcfa23\"],\"X-Start-Time\":[\"1536227465712189800\"]},\"Host\":\"127.0.0.1:8080\",\"Body\":\"Vml2ZWsK\",\"Method\":\"POST\",\"Path\":\"\",\"QueryString\":\"\",\"Function\":\"figlet\",\"CallbackUrl\":null}" timestamp:1536227465712929000 '
func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | Wrote 162 Bytes
func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | 200 OK
func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | Posting report - 200

Testcase-2: Negative case with authentication enabled, No secrets in queue-worker service

1. Deploy OpenFaaS with authetication enabled with latest developemt gateway
2. Deployed development queue-worker service and remove baic-auth secrets from queue-worker service

Output:

func_queue-worker.1.wayeq7x8sfxl@linuxkit-025000000001    | [#1] Received on [faas-request]: 'sequence:6 subject:"faas-request" data:"{\"Header\":{\"Accept-Encoding\":[\"gzip\"],\"Authorization\":[\"Basic YWRtaW46ZTY2Zjc2ZDc4ZmE5ZDU2ODk5NzZhYjVhNzJiYmFiMDFmZjBkZjEzMTM3OGVhMzE3NTgxMDc3OWE4ZjA0MzA3NA==\"],\"Content-Length\":[\"6\"],\"Content-Type\":[\"text/plain\"],\"User-Agent\":[\"Go-http-client/1.1\"],\"X-Call-Id\":[\"eda826fb-1633-48d3-a0df-82695ed98657\"],\"X-Start-Time\":[\"1536227638385668000\"]},\"Host\":\"127.0.0.1:8080\",\"Body\":\"Vml2ZWsK\",\"Method\":\"POST\",\"Path\":\"\",\"QueryString\":\"\",\"Function\":\"figlet\",\"CallbackUrl\":null}" timestamp:1536227638386352700 '
func_queue-worker.1.wayeq7x8sfxl@linuxkit-025000000001    | Request for figlet.
func_queue-worker.1.wayeq7x8sfxl@linuxkit-025000000001    | Wrote 162 Bytes
func_queue-worker.1.wayeq7x8sfxl@linuxkit-025000000001    | 200 OK
func_queue-worker.1.wayeq7x8sfxl@linuxkit-025000000001    | Error with AddBasicAuth : Unable to read basic auth: unable to load /run/secrets/basic-auth-user
func_queue-worker.1.wayeq7x8sfxl@linuxkit-025000000001    | Posting report - 401

Testcase-3: Positive case with authentication disabled, secrets passed in queue-worker service

1. Deploy OpenFaaS with authentication disabled with latest development gateway
2. Deployed developement queue-worker service with basic-auth secrets

Output:

func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | [#1] Received on [faas-request]: 'sequence:4 subject:"faas-request" data:"{\"Header\":{\"Accept-Encoding\":[\"gzip\"],\"Authorization\":[\"Basic YWRtaW46ZTY2Zjc2ZDc4ZmE5ZDU2ODk5NzZhYjVhNzJiYmFiMDFmZjBkZjEzMTM3OGVhMzE3NTgxMDc3OWE4ZjA0MzA3NA==\"],\"Content-Length\":[\"6\"],\"Content-Type\":[\"text/plain\"],\"User-Agent\":[\"Go-http-client/1.1\"],\"X-Call-Id\":[\"cf976ecf-75f2-4683-b05e-7c8e5a48c0bd\"],\"X-Start-Time\":[\"1536227320141442100\"]},\"Host\":\"127.0.0.1:8080\",\"Body\":\"Vml2ZWsK\",\"Method\":\"POST\",\"Path\":\"\",\"QueryString\":\"\",\"Function\":\"figlet\",\"CallbackUrl\":null}" timestamp:1536227320142143700 '
func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | Request for figlet.
func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | Wrote 162 Bytes
func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | 200 OK
func_queue-worker.1.5j4r4hhdnr93@linuxkit-025000000001    | Posting report - 200

Testcase-4: Positive test case with authetication disabled, secrets not passed in queue-worker service

1. Deploy OpenFaaS with authentication disabled with latest development gateway
2. Deployed developement queue-worker service without basic-auth secrets

Output:

func_queue-worker.1.qvdcfs67ksvh@linuxkit-025000000001    | Request for figlet.
func_queue-worker.1.qvdcfs67ksvh@linuxkit-025000000001    | [#1] Received on [faas-request]: 'sequence:3 subject:"faas-request" data:"{\"Header\":{\"Accept-Encoding\":[\"gzip\"],\"Authorization\":[\"Basic YWRtaW46ZTY2Zjc2ZDc4ZmE5ZDU2ODk5NzZhYjVhNzJiYmFiMDFmZjBkZjEzMTM3OGVhMzE3NTgxMDc3OWE4ZjA0MzA3NA==\"],\"Content-Length\":[\"6\"],\"Content-Type\":[\"text/plain\"],\"User-Agent\":[\"Go-http-client/1.1\"],\"X-Call-Id\":[\"60db984a-fdcf-4219-afe2-a2c2ce337d66\"],\"X-Start-Time\":[\"1536227171301993300\"]},\"Host\":\"127.0.0.1:8080\",\"Body\":\"Vml2ZWsK\",\"Method\":\"POST\",\"Path\":\"\",\"QueryString\":\"\",\"Function\":\"figlet\",\"CallbackUrl\":null}" timestamp:1536227171302635000 '
func_queue-worker.1.qvdcfs67ksvh@linuxkit-025000000001    | Wrote 162 Bytes
func_queue-worker.1.qvdcfs67ksvh@linuxkit-025000000001    | Error with AddBasicAuth : Unable to read basic auth: unable to load /run/secrets/basic-auth-user
func_queue-worker.1.qvdcfs67ksvh@linuxkit-025000000001    | 200 OK
func_queue-worker.1.qvdcfs67ksvh@linuxkit-025000000001    | Posting report - 200

Types of changes

• [ ] Bug fix (non-breaking change which fixes an issue)
• [ ] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• [x] My code follows the code style of this project.
• [ ] My change requires a change to the documentation.
• [ ] I have updated the documentation accordingly.
• [x] I've read the CONTRIBUTION guide
• [x] I have signed-off my commits with git commit -s
• [ ] I have added tests to cover my changes.
• [ ] All new and existing tests passed.

[alexellis]

Excellent detail on the test scenarios.

[viveksyngh]

I have used faas-provider to vendor load credentials code instead of faas. is any other changes required for this?

[alexellis]

I've released this now via https://github.com/openfaas/nats-queue-worker/releases/tag/0.5.1

Please could you update all the relevant places / YAML files in a PR for faas/faas-netes?

[viveksyngh]

yes