It would be great to have a basic security on admin ui and / or function call
The goal would be to provide an API token to enble basic security on gateway UI access and function call.
There is no security to access gateway UI or call a function. Anybody that have access to ui can add a function.
Add an API key for each call to gateway UI to secure access.
Add an generated API key for each function in order to secure access to them
This is on the roadmap and makes sense.
I'm not sure if a header/key can be used through a web-browser, but basic auth over SSL may serve this purpose?
I'm not a developer, but this seems not so difficult to implement
https://github.com/graze/golang-service/blob/master/handlers/auth/README.md
Related -> #36
See also for the API Key example - https://github.com/alexellis/faas/tree/master/sample-functions/ApiKeyProtected
Thanks a lot, now we can add protection inside function.Maybe another option, is to do protection on the gateway directly.
API KEY are defined on the gateway for each function.
See also my blog post on swarm secrets with Github. http://blog.alexellis.io/swarm-secrets-in-action/
Have you created any of your own functions yet? Any other ideas/feedback will be appreciated. :-)
@edouardkleinhans this can be done by putting Kong in front of your API gateway.
Implemented and released in a guide.
Most helpful comment
Implemented and released in a guide.