Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support built-in function authentication with OpenFaaS IAM. #29

Merged
merged 14 commits into from
Jun 14, 2024
Merged

Support built-in function authentication with OpenFaaS IAM. #29

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
9797ec0
Don't modify the client gateway url struct in client methods
welteki May 22, 2024
ca9c2e9
Refactor ClientCredentialsTokenSource to use Token struct
welteki May 17, 2024
b73e79e
Add scope to token
welteki May 17, 2024
84bf8cc
Add exchange options
welteki May 17, 2024
5303651
Have TokenAuth type implement the TokenSource interface
welteki May 17, 2024
9bd4a11
Improve errors for token exchange functions
welteki May 22, 2024
6c37a68
Add support for invoking functions using the client
welteki May 17, 2024
7c850b9
Cache function invocation tokens
welteki May 27, 2024
d45b4a9
Improve code comments and update README
welteki May 27, 2024
e3993cb
Dump exchange request when FAAS_DEBUG is set
welteki May 30, 2024
e29d9ee
Make function token cache optional in client
welteki May 30, 2024
6b9d6a4
Support configuring the http client for token exchange requests
welteki May 30, 2024
343aee3
Support garbage collection of expired tokens from cache
welteki May 30, 2024
20a2d09
Accept a http.Request as argument to InvokeFunction
welteki May 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 68 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,74 @@ if err != nil {

Please refer [examples](https://github.com/openfaas/go-sdk/tree/master/examples) folder for code examples of each operation

## Invoke functions

```go
body := strings.NewReader("OpenFaaS")
req, err := http.NewRequestWithContext(context.TODO(), http.MethodPost, "/", body)
if err != nil {
panic(err)
}

req.Header.Set("Content-Type", "text/plain")

async := false
authenticate := false

// Make a POST request to a figlet function in the openfaas-fn namespace
res, err := client.InvokeFunction(context.Background(), "figlet", "openfaas-fn", async, authenticate, req)
if err != nil {
log.Printf("Failed to invoke function: %s", err)
return
}

if res.Body != nil {
defer res.Body.Close()
}

// Read the response body
body, err := io.ReadAll(res.Body)
if err != nil {
log.Printf("Error reading response body: %s", err)
return
}

// Print the response
fmt.Printf("Response status code: %s\n", res.Status)
fmt.Printf("Response body: %s\n", string(body))
```

### Authenticate function invocations

The SDK supports invoking functions if you are using OpenFaaS IAM with [built-in authentication for functions](https://www.openfaas.com/blog/built-in-function-authentication/).

Set the `auth` argument to `true` when calling `InvokeFunction` to authenticate the request with an OpenFaaS function access token.

The `Client` needs a `TokenSource` to get an ID token that can be exchanged for a function access token to make authenticated function invocations. By default the `TokenAuth` provider that was set when constructing a new `Client` is used.

It is also possible to provide a custom `TokenSource` for the function token exchange:

```go
ts := sdk.NewClientCredentialsTokenSource(clientID, clientSecret, tokenURL, scope, grantType, audience)

client := sdk.NewClientWithOpts(gatewayURL, http.DefaultClient, sdk.WithFunctionTokenSource(ts))
```

Optionally a `TokenCache` can be configured to cache function access tokens and prevent the client from having to do a token exchange each time a function is invoked.

```go
fnTokenCache := sdk.NewMemoryTokenCache()
// Start garbage collection to remove expired tokens from the cache.
go fnTokenCache.StartGC(context.Background(), time.Second*10)

client := sdk.NewClientWithOpts(
gatewayUrl,
httpClient,
sdk.WithAuthentication(auth),
sdk.WithFunctionTokenCache(fnTokenCache),
)
```

## License

License: MIT
Loading
Loading