If JWT authentication is enabled by setting the env variable jwt_auth: true in the stack.yml file the watchdog requires an OpenFaaS function token for request authentication.
Authentication tokens can be optioned through OpenFaaS IAM.
The watchdog verifies the token is valid and checks of an actor is authorized to invoke the function by looking at the function claim in the token and validating the permissions.
Motivation and Context
[ ] I have raised an issue to propose this change (required)
Support IAM authentication for functions.
How Has This Been Tested?
Unit tests were added.
Changes have been tested by running the watchdog locally and invoking it with and without a function token.
During these test the OPENFAAS_NAME and OPENFAAS_NAMESPACE env variable were changed to simulate different functions in multiple namespaces.
Description
If JWT authentication is enabled by setting the env variable
jwt_auth: true
in thestack.yml
file the watchdog requires an OpenFaaS function token for request authentication.Authentication tokens can be optioned through OpenFaaS IAM.
The watchdog verifies the token is valid and checks of an actor is authorized to invoke the function by looking at the
function
claim in the token and validating the permissions.Motivation and Context
Support IAM authentication for functions.
How Has This Been Tested?
Changes have been tested by running the watchdog locally and invoking it with and without a function token. During these test the
OPENFAAS_NAME
andOPENFAAS_NAMESPACE
env variable were changed to simulate different functions in multiple namespaces.Types of changes
Checklist:
git commit -s