Use pureconfig for invoker/scheduler's basic http auth (#5252)

Author: jiangpengcheng

ansible/group_vars/all

@@ -213,6 +213,8 @@ invoker:
     {% endif %}"
   extraEnv: "{{ invoker_extraEnv | default({}) }}"
   protocol: "{{ invoker_protocol | default('https') }}"
+  username: "{{ invoker_username | default('invoker.user') }}"
+  password: "{{ invoker_password | default('invoker.pass') }}"
   ssl:
     cn: "openwhisk-invokers"
     keyPrefix: "{{ __invoker_ssl_keyPrefix }}"

ansible/roles/invoker/tasks/deploy.yml

@@ -287,6 +287,8 @@
       "CONFIG_whisk_containerPool_prewarmExpirationCheckIntervalVariance": "{{ container_pool_prewarm_expirationCheckIntervalVariance | default('10 seconds') }}"
       "CONFIG_whisk_containerPool_prewarmPromotion": "{{ container_pool_strict | default('false') | lower }}"
       "CONFIG_whisk_containerPool_prewarmMaxRetryLimit": "{{ container_pool_prewarm_max_retry_limit | default(5) }}"
+      "CONFIG_whisk_invoker_username": "{{ invoker.username }}"
+      "CONFIG_whisk_invoker_password": "{{ invoker.password }}"
 
 - name: extend invoker dns env
   set_fact:

common/scala/src/main/scala/org/apache/openwhisk/core/WhiskConfig.scala

@@ -308,4 +308,10 @@ object ConfigKeys {
   val whiskClusterName = "whisk.cluster.name"
 
   val dataManagementServiceRetryInterval = "whisk.scheduler.data-management-service.retry-interval"
+
+  val whiskSchedulerUsername = "whisk.scheduler.username"
+  val whiskSchedulerPassword = "whisk.scheduler.password"
+
+  val whiskInvokerUsername = "whisk.invoker.username"
+  val whiskInvokerPassword = "whisk.invoker.password"
 }

core/invoker/src/main/resources/application.conf

@@ -176,6 +176,8 @@ whisk {
   }
 
   invoker {
+    username: "invoker.user"
+    password: "invoker.pass"
     protocol: http
   }
   runtime.delete.timeout = "30 seconds"

core/invoker/src/main/scala/org/apache/openwhisk/core/invoker/DefaultInvokerServer.scala

@@ -22,8 +22,10 @@ import akka.http.scaladsl.model.StatusCodes
 import akka.http.scaladsl.model.headers.BasicHttpCredentials
 import akka.http.scaladsl.server.Route
 import org.apache.openwhisk.common.{Logging, TransactionId}
+import org.apache.openwhisk.core.ConfigKeys
 import org.apache.openwhisk.http.BasicRasService
 import org.apache.openwhisk.http.ErrorResponse.terminate
+import pureconfig.loadConfigOrThrow
 import spray.json.PrettyPrinter
 
 import scala.concurrent.ExecutionContext
@@ -57,9 +59,8 @@ class DefaultInvokerServer(val invoker: InvokerCore, systemUsername: String, sys
 
 object DefaultInvokerServer extends InvokerServerProvider {
 
-  // TODO: TBD, after FPCInvokerReactive is ready, can read the credentials from pureconfig
-  val invokerUsername = "admin"
-  val invokerPassword = "admin"
+  private val invokerUsername = loadConfigOrThrow[String](ConfigKeys.whiskInvokerUsername)
+  private val invokerPassword = loadConfigOrThrow[String](ConfigKeys.whiskInvokerPassword)
 
   override def instance(
     invoker: InvokerCore)(implicit ec: ExecutionContext, actorSystem: ActorSystem, logger: Logging): BasicRasService =

core/invoker/src/main/scala/org/apache/openwhisk/core/invoker/FPCInvokerServer.scala

@@ -22,8 +22,10 @@ import akka.http.scaladsl.model.StatusCodes
 import akka.http.scaladsl.model.headers.BasicHttpCredentials
 import akka.http.scaladsl.server.Route
 import org.apache.openwhisk.common.{Logging, TransactionId}
+import org.apache.openwhisk.core.ConfigKeys
 import org.apache.openwhisk.http.BasicRasService
 import org.apache.openwhisk.http.ErrorResponse.terminate
+import pureconfig.loadConfigOrThrow
 import spray.json.PrettyPrinter
 
 import scala.concurrent.ExecutionContext
@@ -57,9 +59,8 @@ class FPCInvokerServer(val invoker: InvokerCore, systemUsername: String, systemP
 
 object FPCInvokerServer extends InvokerServerProvider {
 
-  // TODO: TBD, after FPCInvokerReactive is ready, can read the credentials from pureconfig
-  val invokerUsername = "admin"
-  val invokerPassword = "admin"
+  private val invokerUsername = loadConfigOrThrow[String](ConfigKeys.whiskInvokerUsername)
+  private val invokerPassword = loadConfigOrThrow[String](ConfigKeys.whiskInvokerPassword)
 
   override def instance(
     invoker: InvokerCore)(implicit ec: ExecutionContext, actorSystem: ActorSystem, logger: Logging): BasicRasService =

core/scheduler/src/main/scala/org/apache/openwhisk/core/scheduler/FPCSchedulerServer.scala

@@ -23,8 +23,10 @@ import akka.http.scaladsl.model.StatusCodes
 import akka.http.scaladsl.model.headers.BasicHttpCredentials
 import akka.http.scaladsl.server.Route
 import org.apache.openwhisk.common.{Logging, TransactionId}
+import org.apache.openwhisk.core.ConfigKeys
 import org.apache.openwhisk.http.BasicRasService
 import org.apache.openwhisk.http.ErrorResponse.terminate
+import pureconfig.loadConfigOrThrow
 import spray.json.DefaultJsonProtocol._
 import spray.json._
 
@@ -75,11 +77,9 @@ class FPCSchedulerServer(scheduler: SchedulerCore, systemUsername: String, syste
 
 object FPCSchedulerServer {
 
-  // TODO: TBD, after FPCScheduler is ready, can read the credentials from pureconfig
-  val schedulerUsername = "admin"
-  val schedulerPassword = "admin"
-
-  val queuePathPrefix = "queue"
+  private val schedulerUsername = loadConfigOrThrow[String](ConfigKeys.whiskSchedulerUsername)
+  private val schedulerPassword = loadConfigOrThrow[String](ConfigKeys.whiskSchedulerPassword)
+  private val queuePathPrefix = "queue"
 
   def instance(scheduler: SchedulerCore)(implicit ec: ExecutionContext,
                                          actorSystem: ActorSystem,