Add support for IAM namespaces on IBM Cloud

serverless / serverless-openwhisk

Adds Apache OpenWhisk support to the Serverless Framework!

http://openwhisk.org/

MIT License

143 stars 46 forks source link

Add support for IAM namespaces on IBM Cloud #169

Open jthomas opened 5 years ago

jthomas commented 5 years ago

Need to use custom auth plugin for new IAM-based namespaces.

https://github.com/ibm-functions/iam-token-manager-nodejs

jthomas commented 5 years ago

Should also provide a mechanism to add service access policies to Cloud Functions namespace for other services.

dpittner commented 5 years ago

I've a patch available that adds IAM, however there seems https://github.com/serverless/serverless-openwhisk/issues/167 introduced a regression, e.g. applying the patch to an earlier version works. https://github.com/serverless/serverless-openwhisk/pull/172

jthomas commented 5 years ago

@dpittner Could you open an issue with details on the regression and I'll have a look?

jthomas commented 5 years ago

I've started work on this feature. https://github.com/serverless/serverless-openwhisk/commit/9e6930f8fd8de94adbca2c5b69e0dcc5fc5a28e4

I also want to add support to use the ibmcloud iam oauth-tokens command to automatically create the token rather than having to manually provision and use API keys.

jthomas commented 5 years ago

More work on this issue has enabled support for API keys and using .bluemix/config.json for tokens (with auto-refresh).

Need to add the following....

[ ] Update documentation with these new features.
[x] Add additional checks that config file exists
[x] Add helpful errors messages when user is not logged in.

jthomas commented 5 years ago

This feature is blocked until IBM Cloud Functions APIGW supports configuration using IAM API keys.

bn326160 commented 4 years ago

Any update on this? I don't seem to be able to create a new cloud foundry namespace any longer

bn326160 commented 4 years ago

I got it to work using a valid _APIGW_ACCESSTOKEN & _IAM_NAMESPACE_APIKEY in your .wskprops or ENV variables. And then upgrading to the github version of this package: npm i git+https://github.com/serverless/serverless-openwhisk.git

raheel-ahmad commented 4 years ago

@bn326160 can you explain a bit further how to set the valid token and api key in .wskprops. My .wskprops looks like this:

I am getting this error when deploying: Failed to deploy function (myservice-dev-hello) due to error: PUT https://us-south.functions.cloud.ibm.com/api/v1/namespaces/_/actions/myservice-dev-hello?overwrite=true Returned HTTP 401 (Unauthorized) --> "The supplied authentication is invalid"

Looking forward to your response.

Thanks

bn326160 commented 4 years ago

@raheel4839 Looks like you're missing IAM_NAMESPACE_API_KEY. + Did you install the github version?