openwhisk-commits mailing list archives

From dgr...@apache.org
Subject [incubator-openwhisk-composer] branch master updated: Proper handling of ssl certificate validation (#21)
Date Mon, 11 Feb 2019 21:26:05 GMT
This is an automated email from the ASF dual-hosted git repository.

dgrove pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-composer.git


The following commit(s) were added to refs/heads/master by this push:
     new cfa92cf  Proper handling of ssl certificate validation (#21)
cfa92cf is described below

commit cfa92cf314a807e14302779d949a3302ddeb8285
Author: Olivier Tardieu <tardieu@users.noreply.github.com>
AuthorDate: Mon Feb 11 16:26:00 2019 -0500

    Proper handling of ssl certificate validation (#21)
---
 .travis.yml         |  2 +-
 README.md           | 21 +++++++++++++++++++++
 conductor.js        |  8 +++++---
 docs/COMBINATORS.md |  9 +++++++++
 docs/COMMANDS.md    |  4 ++++
 package.json        |  2 +-
 test/conductor.js   | 13 ++++++++-----
 7 files changed, 49 insertions(+), 10 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 051e253..d3a6dcc 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,7 +22,7 @@ services:
   - docker
 env:
   global:
-    - IGNORE_CERTS=true
+    - __OW_IGNORE_CERTS=true
     - REDIS=redis://172.17.0.1:6379
 before_install:
   - ./travis/scancode.sh
diff --git a/README.md b/README.md
index 238b23e..f12aadb 100644
--- a/README.md
+++ b/README.md
@@ -186,6 +186,27 @@ The intent is to store intermediate results in Redis as the parallel
composition
 is progressing. Redis entries are deleted after completion and, as an added
 safety, expire after twenty-four hours.
 
+# OpenWhisk SSL configuration
+
+Additional configuration is required when using an OpenWhisk instance with
+self-signed certificates to disable SSL certificate validation. The input
+parameter object must contain a parameter of type dictionary named `$composer`.
+This dictionary must contain a dictionary named `openwhisk`. The `openwhisk`
+dictionary must contain a field named `ignore_certs` with value `true`:
+```json
+{
+    "$composer": {
+        "openwhisk": {
+            "ignore_certs": true
+        }
+    },
+    ...
+}
+```
+
+This explicit SSL configuration is currently only necessary when using parallel
+combinators or the `async` combinator.
+
 # Disclaimer
 
 Apache OpenWhisk Composer is an effort undergoing incubation at The Apache Software Foundation
(ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects
until a further review indicates that the infrastructure, communications, and decision making
process have stabilized in a manner consistent with other successful ASF projects. While incubation
status is not necessarily a reflection of the completeness or stability of the code, it does
indicate that  [...]
diff --git a/conductor.js b/conductor.js
index ac595a4..fab979b 100644
--- a/conductor.js
+++ b/conductor.js
@@ -41,6 +41,7 @@ module.exports = function (options) {
   // try to extract apihost and key first from whisk property file file and then from process.env
   let apihost
   let apikey
+  let ignorecerts
 
   try {
     const wskpropsPath = process.env.WSK_CONFIG_FILE || path.join(os.homedir(), '.wskprops')
@@ -60,8 +61,9 @@ module.exports = function (options) {
 
   if (process.env.__OW_API_HOST) apihost = process.env.__OW_API_HOST
   if (process.env.__OW_API_KEY) apikey = process.env.__OW_API_KEY
+  if (process.env.__OW_IGNORE_CERTS) ignorecerts = process.env.__OW_IGNORE_CERTS
 
-  const wsk = openwhisk(Object.assign({ apihost, api_key: apikey }, options))
+  const wsk = openwhisk(Object.assign({ apihost, api_key: apikey, ignore_certs: ignorecerts
}, options))
   wsk.compositions = new Compositions(wsk)
   return wsk
 }
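Review bot: The added `if (process.env.__OW_IGNORE_CERTS) ignorecerts = process.env.__OW_IGNORE_CERTS` copies the raw string, so any non-empty value, including `false` or `0`, is passed on as a truthy `ignore_certs` unless the openwhisk client parses the string itself, which this hunk does not show. The test code removed by this commit treated `'false'` and `'0'` as off, and docs/COMMANDS.md says the variable must be set to `true`, so I would fail closed with `if (process.env.__OW_IGNORE_CERTS === 'true') ignorecerts = true`. The same truthiness check is added in test/conductor.js at `const openwhisk = process.env.__OW_IGNORE_CERTS ? { ignore_certs: true } : {}`. The enclosing function starts outside the hunk.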
@@ -134,7 +136,7 @@ function main (composition) {
     const stack = [{ marker: true }].concat(p.s.stack)
     const barrierId = uuid()
     console.log(`barrierId: ${barrierId}, spawning: ${array.length}`)
-    if (!wsk) wsk = openwhisk({ ignore_certs: true })
+    if (!wsk) wsk = openwhisk(p.s.openwhisk)
     if (!db) db = createRedisClient(p)
     return db.lpushAsync(live(barrierId), 42) // push marker
       .then(() => db.expireAsync(live(barrierId), expiration))
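Review bot: `openwhisk(p.s.openwhisk)` hands the whole object to the client constructor, and the README text added in this commit says it comes from the `$composer.openwhisk` field of the input parameters (how `p.s.openwhisk` is filled is outside the hunk), so the invoker can presumably set any client option, not only `ignore_certs`. If options such as `apihost` are honoured, the follow-up invocation and whatever credentials the client takes from the environment could go to a host the caller chose, with certificate checking switched off by that same caller. I would forward only the documented field, `if (!wsk) wsk = openwhisk({ ignore_certs: !!p.s.openwhisk && p.s.openwhisk.ignore_certs === true })`, and log a warning when it is enabled so the downgrade is visible in activation logs. The same line is added in the `async` hunk below; main's body extends beyond both hunks.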
@@ -296,7 +298,7 @@ function main (composition) {
     async ({ p, node, index, inspect, step }) {
       p.params.$composer = { state: p.s.state, stack: [{ marker: true }].concat(p.s.stack),
redis: p.s.redis }
       p.s.state = index + node.return
-      if (!wsk) wsk = openwhisk({ ignore_certs: true })
+      if (!wsk) wsk = openwhisk(p.s.openwhisk)
       return wsk.actions.invoke({ name: process.env.__OW_ACTION_NAME, params: p.params })
         .then(response => ({ method: 'async', activationId: response.activationId, sessionId:
p.s.session }), error => {
           console.error(error) // invoke failed
diff --git a/docs/COMBINATORS.md b/docs/COMBINATORS.md
index 9a157d2..336d7cc 100644
--- a/docs/COMBINATORS.md
+++ b/docs/COMBINATORS.md
@@ -424,6 +424,9 @@ composer.seq(composer.retain(composition_1, composition_2, ...), ({ params,
resu
 
 ## Async
 
+The `async` combinator may require an SSL configuration as discussed
+[here](../README.md#openwhisk-ssl-configuration).
+
 `composer.async(composition_1, composition_2, ...)` runs a sequence of
 compositions asynchronously. It invokes the sequence but does not wait for it to
 execute. It immediately returns a dictionary that includes a field named
@@ -439,6 +442,9 @@ later declarations in the parent are not visible in the child and vice
versa.
 Parallel combinators require access to a Redis instance as discussed
 [here](../README.md#parallel-compositions-with-redis).
 
+Parallel combinators may require an SSL configuration as discussed
+[here](../README.md#openwhisk-ssl-configuration).
+
 `composer.parallel(composition_1, composition_2, ...)` and its synonymous
 `composer.par(composition_1, composition_2, ...)` invoke a series of
 compositions (possibly empty) in parallel.
@@ -468,6 +474,9 @@ parent composition.
 Parallel combinators require access to a Redis instance as discussed
 [here](../README.md#parallel-compositions-with-redis).
 
+Parallel combinators may require an SSL configuration as discussed
+[here](../README.md#openwhisk-ssl-configuration).
+
 `composer.map(composition_1, composition_2, ...)` makes multiple parallel
 invocations of a sequence of compositions.
 
diff --git a/docs/COMMANDS.md b/docs/COMMANDS.md
index dabe630..db45108 100644
--- a/docs/COMMANDS.md
+++ b/docs/COMMANDS.md
@@ -110,6 +110,10 @@ If the `--apihost` flag is absent, the environment variable `__OW_API_HOST`
is
 used in its place. If neither is available, the `deploy` command extracts the
 `APIHOST` key from the whisk property file for the current user.
 
+If the `--insecure` flag is set or the environment variable `__OW_IGNORE_CERTS`
+is set to `true`, the `deploy` command ignores SSL certificates validation
+failures.
+
 If the `--auth` flag is absent, the environment variable `__OW_API_KEY` is used
 in its place. If neither is available, the `deploy` command extracts the `AUTH`
 key from the whisk property file for the current user.
diff --git a/package.json b/package.json
index 058f1f0..4069188 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
   ],
   "dependencies": {
     "minimist": "^1.2.0",
-    "openwhisk": "^3.11.0",
+    "openwhisk": "^3.18.0",
     "terser": "^3.8.2"
   },
   "devDependencies": {
diff --git a/test/conductor.js b/test/conductor.js
index 90b936e..157d885 100644
--- a/test/conductor.js
+++ b/test/conductor.js
@@ -23,7 +23,7 @@ const assert = require('assert')
 const composer = require('../composer')
 const conductor = require('../conductor')
 const name = 'TestAction'
-const wsk = conductor({ ignore_certs: process.env.IGNORE_CERTS && process.env.IGNORE_CERTS
!== 'false' && process.env.IGNORE_CERTS !== '0' })
+const wsk = conductor()
 
 // deploy action
 const define = action => wsk.actions.delete(action.name).catch(() => { }).then(() =>
wsk.actions.create(action))
@@ -37,6 +37,9 @@ const invoke = (composition, params = {}, blocking = true) => wsk.compositions.d
 const redis = process.env.REDIS ? { uri: process.env.REDIS } : false
 if (process.env.REDIS && process.env.REDIS_CA) redis.ca = process.env.REDIS_CA
 
+// openwhisk configuration
+const openwhisk = process.env.__OW_IGNORE_CERTS ? { ignore_certs: true } : {}
+
 describe('composer', function () {
   let n, x, y // dummy variables
 
@@ -63,7 +66,7 @@ describe('composer', function () {
       })
 
       it('action must return activationId', function () {
-        return invoke(composer.async('isNotOne'), { n: 1 }).then(activation => assert.ok(activation.response.result.activationId))
+        return invoke(composer.async('isNotOne'), { n: 1, $composer: { openwhisk } }).then(activation
=> assert.ok(activation.response.result.activationId))
       })
 
       it('action name must parse to fully qualified', function () {
@@ -321,17 +324,17 @@ describe('composer', function () {
       describe('parallel', function () {
         const test = redis ? it : it.skip
         test('parallel', function () {
-          return invoke(composer.parallel('TripleAndIncrement', 'DivideByTwo'), { n: 42,
$composer: { redis } })
+          return invoke(composer.parallel('TripleAndIncrement', 'DivideByTwo'), { n: 42,
$composer: { redis, openwhisk } })
             .then(activation => assert.deepStrictEqual(activation.response.result, { value:
[{ n: 127 }, { n: 21 }] }))
         })
 
         test('par', function () {
-          return invoke(composer.par('DivideByTwo', 'TripleAndIncrement', 'isEven'), { n:
42, $composer: { redis } })
+          return invoke(composer.par('DivideByTwo', 'TripleAndIncrement', 'isEven'), { n:
42, $composer: { redis, openwhisk } })
             .then(activation => assert.deepStrictEqual(activation.response.result, { value:
[{ n: 21 }, { n: 127 }, { value: true }] }))
         })
 
         test('map', function () {
-          return invoke(composer.map('TripleAndIncrement', 'DivideByTwo'), { value: [{ n:
3 }, { n: 5 }, { n: 7 }], $composer: { redis } })
+          return invoke(composer.map('TripleAndIncrement', 'DivideByTwo'), { value: [{ n:
3 }, { n: 5 }, { n: 7 }], $composer: { redis, openwhisk } })
             .then(activation => assert.deepStrictEqual(activation.response.result, { value:
[{ n: 5 }, { n: 8 }, { n: 11 }] }))
         })
       })

