diff --git a/apisix/core/request.lua b/apisix/core/request.lua index 18d997845b7a..95d84b95b4f6 100644 --- a/apisix/core/request.lua +++ b/apisix/core/request.lua @@ -273,4 +273,7 @@ function _M.get_http_version() return ngx.req.http_version() end + +_M.get_method = ngx.req.get_method + return _M diff --git a/apisix/plugins/openwhisk.lua b/apisix/plugins/openwhisk.lua new file mode 100644 index 000000000000..a8fe8c2f74a2 --- /dev/null +++ b/apisix/plugins/openwhisk.lua @@ -0,0 +1,114 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +local core = require("apisix.core") +local http = require("resty.http") +local ngx_encode_base64 = ngx.encode_base64 +local tostring = tostring + +local schema = { + type = "object", + properties = { + api_host = {type = "string"}, + ssl_verify = { + type = "boolean", + default = true, + }, + service_token = {type = "string"}, + namespace = {type = "string", maxLength = 256}, + action = {type = "string", maxLength = 256}, + result = { + type = "boolean", + default = true, + }, + timeout = { + type = "integer", + minimum = 1, + maximum = 60000, + default = 3000, + description = "timeout in milliseconds", + }, + keepalive = {type = "boolean", default = true}, + keepalive_timeout = {type = "integer", minimum = 1000, default = 60000}, + keepalive_pool = {type = "integer", minimum = 1, default = 5} + }, + required = {"api_host", "service_token", "namespace", "action"} +} + + +local _M = { + version = 0.1, + priority = -1901, + name = "openwhisk", + schema = schema, +} + + +function _M.check_schema(conf) + local ok, err = core.schema.check(schema, conf) + if not ok then + return false, err + end + + return true +end + + +function _M.access(conf, ctx) + local params = { + method = "POST", + body = core.request.get_body(), + query = { + blocking = "true", + result = tostring(conf.result), + timeout = conf.timeout + }, + headers = { + ["Authorization"] = "Basic " .. ngx_encode_base64(conf.service_token), + ["Content-Type"] = "application/json", + }, + keepalive = conf.keepalive, + ssl_verify = conf.ssl_verify + } + + if conf.keepalive then + params.keepalive_timeout = conf.keepalive_timeout + params.keepalive_pool = conf.keepalive_pool + end + + -- OpenWhisk action endpoint + local endpoint = conf.api_host .. "/api/v1/namespaces/" .. conf.namespace .. + "/actions/" .. conf.action + + local httpc = http.new() + httpc:set_timeout(conf.timeout) + + local res, err = httpc:request_uri(endpoint, params) + + if not res or err then + core.log.error("failed to process openwhisk action, err: ", err) + return 503 + end + + -- setting response headers + core.response.set_header(res.headers) + + return res.status, res.body +end + + +return _M diff --git a/ci/linux-ci-init-service.sh b/ci/linux-ci-init-service.sh index 0d15d06042e0..83144b7b3b30 100755 --- a/ci/linux-ci-init-service.sh +++ b/ci/linux-ci-init-service.sh @@ -19,3 +19,9 @@ docker exec -i apache-apisix_kafka-server1_1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server1:2181 --replication-factor 1 --partitions 1 --topic test2 docker exec -i apache-apisix_kafka-server1_1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server1:2181 --replication-factor 1 --partitions 3 --topic test3 docker exec -i apache-apisix_kafka-server2_1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server2:2181 --replication-factor 1 --partitions 1 --topic test4 + +# prepare openwhisk env +docker pull openwhisk/action-nodejs-v14:nightly +docker run --rm -d --name openwhisk -p 3233:3233 -p 3232:3232 -v /var/run/docker.sock:/var/run/docker.sock openwhisk/standalone:nightly +docker exec -i openwhisk waitready +docker exec -i openwhisk bash -c "wsk action update test <(echo 'function main(args){return {\"hello\":args.name || \"test\"}}') --kind nodejs:14" diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 4e385ed3e48d..dc42e04bea5c 100644 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -356,6 +356,7 @@ plugins: # plugin list (sorted by priority) - example-plugin # priority: 0 #- skywalking # priority: -1100 - azure-functions # priority: -1900 + - openwhisk # priority: -1901 - serverless-post-function # priority: -2000 - ext-plugin-post-req # priority: -3000 diff --git a/docs/en/latest/config.json b/docs/en/latest/config.json index 09513d276d09..68631c161b88 100644 --- a/docs/en/latest/config.json +++ b/docs/en/latest/config.json @@ -129,7 +129,8 @@ "label": "Serverless", "items": [ "plugins/serverless", - "plugins/azure-functions" + "plugins/azure-functions", + "plugins/openwhisk" ] }, { diff --git a/docs/en/latest/plugins/openwhisk.md b/docs/en/latest/plugins/openwhisk.md new file mode 100644 index 000000000000..5bc65595f318 --- /dev/null +++ b/docs/en/latest/plugins/openwhisk.md @@ -0,0 +1,98 @@ +--- +title: openwhisk +--- + + + +## Summary + +- [**Description**](#description) +- [**Attributes**](#attributes) +- [**Example**](#example) + +## Description + +The `openwhisk` plugin is used to support integration with the [Apache OpenWhisk](https://openwhisk.apache.org) serverless platform and can be set up on a route in place of Upstream, which will take over the request and send it to the OpenWhisk API endpoint. + +Users can call the OpenWhisk action via APISIX, pass the request parameters via JSON and get the response content. + +## Attributes + +| Name | Type | Requirement | Default | Valid | Description | +| -- | -- | -- | -- | -- | -- | +| api_host | string | required |   |   | OpenWhisk API host (eg. https://localhost:3233) | +| ssl_verify | boolean | optional | true | | Whether to verify the certificate | +| service_token | string | required |   |   | OpenWhisk ServiceToken (The format is `xxx:xxx`,Passed through Basic Auth when calling the API) | +| namespace | string | required |   |   | OpenWhisk Namespace (eg. guest) | +| action | string | required |   |   | OpenWhisk Action (eg. hello) | +| result | boolean | optional | true |   | Whether to get Action metadata (default to execute function and get response; false to get Action metadata but not execute Action, including runtime, function body, restrictions, etc.) | +| timeout | integer | optional | 60000ms | [1, 60000]ms | OpenWhisk Action and HTTP call timeout. | +| keepalive | boolean | optional | true |   | HTTP keepalive | +| keepalive_timeout | integer | optional | 60000ms | [1000,...] | keepalive idle timeout | +| keepalive_pool | integer | optional | 5 | [1,...] | Connection pool limit | + +:::note + +- The `timeout` property controls both the time taken by the OpenWhisk Action to execute and the timeout of the HTTP client in APISIX. OpenWhisk Action calls may consume time on pulling the runtime image and starting the container, so if you set the value too small, you may cause a large number of requests to fail. OpenWhisk supports timeouts ranging from 1ms to 60000ms, and we recommended to set at least 1000ms or more. + +::: + +## Example + +First, you need to run the OpenWhisk environment. Here is an example of using OpenWhisk standalone mode. + +```shell +docker run --rm -d \ + -h openwhisk --name openwhisk \ + -p 3233:3233 -p 3232:3232 \ + -v /var/run/docker.sock:/var/run/docker.sock \ + openwhisk/standalone:nightly +docker exec openwhisk waitready +``` + +Then, you need to create an Action for testing. + +```shell +wsk property set --apihost "http://localhost:3233" --auth "23bc46b1-71f6-4ed5-8c54-816aa4f8c502:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP" +wsk action update test <(echo 'function main(){return {"ready":true}}') --kind nodejs:14 +``` + +Here is an example of creating a Route and enabling this plugin + +```shell +curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' +{ + "uri": "/hello", + "plugins": { + "openwhisk": { + "api_host": "http://localhost:3233", + "service_token": "23bc46b1-71f6-4ed5-8c54-816aa4f8c502:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP", + "namespace": "guest", + "action": "test" + } + } +}' +``` + +Finally, you can send a request to this route and you will get the following response. And you can disable it by removing the openwhsik plugin from the route. + +```json +{"ready": true} +``` diff --git a/t/admin/plugins.t b/t/admin/plugins.t index 2c62bcafc9d7..f20b8b98ef93 100644 --- a/t/admin/plugins.t +++ b/t/admin/plugins.t @@ -40,7 +40,7 @@ __DATA__ --- request GET /apisix/admin/plugins/list --- response_body_like eval -qr/\["real-ip","client-control","ext-plugin-pre-req","zipkin","request-id","fault-injection","serverless-pre-function","batch-requests","cors","ip-restriction","ua-restriction","referer-restriction","uri-blocker","request-validation","openid-connect","authz-casbin","wolf-rbac","ldap-auth","hmac-auth","basic-auth","jwt-auth","key-auth","consumer-restriction","authz-keycloak","proxy-mirror","proxy-cache","proxy-rewrite","api-breaker","limit-conn","limit-count","limit-req","gzip","server-info","traffic-split","redirect","response-rewrite","grpc-transcode","prometheus","datadog","echo","http-logger","skywalking-logger","google-cloud-logging","sls-logger","tcp-logger","kafka-logger","syslog","udp-logger","example-plugin","azure-functions","serverless-post-function","ext-plugin-post-req"\]/ +qr/\["real-ip","client-control","ext-plugin-pre-req","zipkin","request-id","fault-injection","serverless-pre-function","batch-requests","cors","ip-restriction","ua-restriction","referer-restriction","uri-blocker","request-validation","openid-connect","authz-casbin","wolf-rbac","ldap-auth","hmac-auth","basic-auth","jwt-auth","key-auth","consumer-restriction","authz-keycloak","proxy-mirror","proxy-cache","proxy-rewrite","api-breaker","limit-conn","limit-count","limit-req","gzip","server-info","traffic-split","redirect","response-rewrite","grpc-transcode","prometheus","datadog","echo","http-logger","skywalking-logger","google-cloud-logging","sls-logger","tcp-logger","kafka-logger","syslog","udp-logger","example-plugin","azure-functions","openwhisk","serverless-post-function","ext-plugin-post-req"\]/ --- no_error_log [error] diff --git a/t/core/request.t b/t/core/request.t index 06256dcc9a4b..feb7ac5afde9 100644 --- a/t/core/request.t +++ b/t/core/request.t @@ -437,3 +437,30 @@ c=z_z&v=x%20x nil --- error_log the post form is too large: request body in temp file not supported + + + +=== TEST 13: get_method +--- config + location = /hello { + content_by_lua_block { + local core = require("apisix.core") + local ngx_ctx = ngx.ctx + local api_ctx = ngx_ctx.api_ctx + if api_ctx == nil then + api_ctx = core.tablepool.fetch("api_ctx", 0, 32) + ngx_ctx.api_ctx = api_ctx + end + + core.ctx.set_vars_meta(api_ctx) + + local method = core.request.get_method(ngx.ctx.api_ctx) + ngx.say(method) + } + } +--- request +POST /hello +--- response_body +POST +--- no_error_log +[error] diff --git a/t/plugin/openwhisk.t b/t/plugin/openwhisk.t new file mode 100644 index 000000000000..e20fe5a5547e --- /dev/null +++ b/t/plugin/openwhisk.t @@ -0,0 +1,245 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(1); +no_long_string(); +no_root_location(); + +add_block_preprocessor(sub { + my ($block) = @_; + + if ((!defined $block->error_log) && (!defined $block->no_error_log)) { + $block->set_value("no_error_log", "[error]"); + } + + if (!defined $block->request) { + $block->set_value("request", "GET /t"); + } +}); + +run_tests(); + +__DATA__ + +=== TEST 1: sanity check with minimal valid configuration. +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.openwhisk") + local ok, err = plugin.check_schema({api_host = "http://127.0.0.1:3233", service_token = "test:test", namespace = "test", action = "test"}) + if not ok then + ngx.say(err) + end + + ngx.say("done") + } + } +--- response_body +done + + + +=== TEST 2: missing `api_host` +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.openwhisk") + local ok, err = plugin.check_schema({service_token = "test:test", namespace = "test", action = "test"}) + if not ok then + ngx.say(err) + end + } + } +--- response_body +property "api_host" is required + + + +=== TEST 3: wrong type for `api_host` +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.openwhisk") + local ok, err = plugin.check_schema({api_host = 3233, service_token = "test:test", namespace = "test", action = "test"}) + if not ok then + ngx.say(err) + end + } + } +--- response_body +property "api_host" validation failed: wrong type: expected string, got number + + + +=== TEST 4: setup route with plugin +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "openwhisk": { + "api_host": "http://127.0.0.1:3233", + "service_token": "23bc46b1-71f6-4ed5-8c54-816aa4f8c502:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP", + "namespace": "guest", + "action": "test" + } + }, + "upstream": { + "nodes": {}, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 5: hit route (with GET request) +--- request +GET /hello +--- response_body chomp +{"hello":"test"} + + + +=== TEST 6: hit route (with POST method and non-json format request body) +--- request +POST /hello +test=test +--- more_headers +Content-Type: application/x-www-form-urlencoded +--- error_code: 400 +--- response_body_like eval +qr/"error":"The request content was malformed/ + + + +=== TEST 7: hit route (with POST and correct request body) +--- request +POST /hello +{"name": "world"} +--- more_headers +Content-Type: application/json +--- response_body chomp +{"hello":"world"} + + + +=== TEST 8: reset route to non-existent action +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "openwhisk": { + "api_host": "http://127.0.0.1:3233", + "service_token": "23bc46b1-71f6-4ed5-8c54-816aa4f8c502:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP", + "namespace": "guest", + "action": "non-existent" + } + }, + "upstream": { + "nodes": {}, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 9: hit route (with non-existent action) +--- request +POST /hello +{"name": "world"} +--- more_headers +Content-Type: application/json +--- error_code: 404 +--- response_body_like eval +qr/"error":"The requested resource does not exist."/ + + + +=== TEST 10: reset route to wrong api_host +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "openwhisk": { + "api_host": "http://127.0.0.0:3233", + "service_token": "23bc46b1-71f6-4ed5-8c54-816aa4f8c502:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP", + "namespace": "guest", + "action": "non-existent" + } + }, + "upstream": { + "nodes": {}, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 11: hit route (with wrong api_host) +--- request +POST /hello +{"name": "world"} +--- more_headers +Content-Type: application/json +--- error_code: 503 +--- error_log +failed to process openwhisk action, err: