This corrects an issue where the error body was being hidden
for the external auth handler. It also adds the ca-certs into
the runtime Docker image for when the gateway is calling an
external plugin exposed over HTTPS.

Tested with OAuth2 plugin.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Kevin Turcios <kevin_turcios@outlook.com>

Fixes a problem where basic auth was disabled and a nill pointer
was hit, causing a panic.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

This commit moves the OpenFaaS gateway from using in-process
basic-auth for everything to use an external auth URL instead.

When auth is not enable, this functionality is not added to the
handlers and behaves as before. When enabled, the configured
plugin with authenticate requests.

Tested on Docker Swarm with positive and negative tests.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Fixes issue by adding unit test to make sure the body from
the plugin is written correctly and proxied to the client.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Fix for external auth wrapper handler. Written by introducing
a broken unit test. Whenever the auth plugin returns a request
as not authorized, we must pass back any headers set by the
plugin.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Fixes issue found in e2e testing where the headers were not
being passed to the basic-auth-plugin. This change makes sure
the upstream check gets all headers copied in before making
the call.

Tested with negative unit tests before writing fix.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

As part of #1209, this change deploys, but does not enable the
new basic-auth plugin service.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

These two functions are effectively the same, with the former
being a wrapper for the later.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

An explicit timeout is passed to the handler and a new unit test
proves that the functionality is in place. A additional return
statement was needed in the handler as pointed out by
@stefanprodan.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Adds two new environment variables and unit tests to validate
positive and default use-cases.

auth_proxy_url
auth_proxy_pass_body

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

This commit adds an external auth handler which can be used to
wrap existing handlers, so that they delegate their requests
to an upstream URL before allowing a request to pass through
to an upstream API.

New handler tested with unit tests.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Headers such as Realm / etc are important for auth proxies, so
this change and unit test make sure they get copied back to the
client.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

As per comment from @stefanprodan, the path for the handler
was incorrect in the run stage of the Dockerfile.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

This plugin can be tested as a stand-alone Golang app, or
deployed as a Docker image with the following image:
openfaas/basic-auth-plugin:0.1.0

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: andmos <andreas.mosti@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Update funding file for Community Bridge URL
    
Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Carson Anderson <ca@carsonoid.net>

Adding the recording of the Dockercon OpenSource Summit: Serverless
as well as the code.talks Live Example to the community file

Signed-off-by: Burton Rheutan <rheutan7@gmail.com>

Adding event OpenFaaS - mit Docker einfach Serverless
to the Events in the community.md file

Signed-off-by: Martin Dekov <mdekov@vmware.com>

Adding event OpenFaaS - mit Docker einfach Serverless by
Frank Pommerening in Ratingen Germany to community file

Signed-off-by: Martin Dekov <mdekov@vmware.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Signed-off-by: Alex Ellis <alexellis2@gmail.com>