Set Access Control for HTTP Functions (v2) #935
Conversation
src/v2/providers/https.ts Outdated
| | string | ||
| | Array<options.SupportedRegion | string>; | ||
| cors?: string | boolean; | ||
| invoker?: Invoker | Invoker[]; |
There was a problem hiding this comment.
@mbleigh Should we make this an HTTPS only option or should we make it also an event trigger option and set the service account of EventArc accordingly? I guess maybe the former since we don't have a clear answer what to do if the user passes two SAs.
There was a problem hiding this comment.
Yeah, I think let's leave this HTTPS-only for now.
src/v2/providers/https.ts Outdated
| opts = optsOrHandler as HttpsOptions; | ||
| } | ||
| | ||
| const invoker = 'invoker' in opts ? opts.invoker : 'public'; |
There was a problem hiding this comment.
I assume we validate these values at deploy time, but what happens when users specify a bad/valid-but-wtf values, e.g.
// Bad settings invoker: ['public', 'private'] invoker: ['private', 'service-account@'] // Valid, but wtf? invoker: ['public', 'service-account@']Is having the following signature more appropriate?
invoker?: public | private | string[]There was a problem hiding this comment.
I think that's a fine TS signature (if you also allow string) though the CLI should handle the valid-but-wtf case
There was a problem hiding this comment.
I think that all 3 of these cases should be treated as bad and should throw an error. The way I read the type definition is that the user can set 'public', 'private', '$service-account', or [ '$service-account-1', '$service-account-2', ... ]. They should not mix public or private with the array of service accounts.
I've added a helper method to src/common/encoding that will error out of the user sets public or private in the array.
src/v2/options.ts Outdated
| /** | ||
| * Invoker to set access control on https functions. | ||
| */ | ||
| invoker?: Invoker | Invoker[]; |
There was a problem hiding this comment.
Given your new defensive programming stance I agree with Daniel now that we can/should change our typing.
invoker?: 'public' | 'private' | string | string[]; This will make sure code complete doesn't suggest "public" or "private" when the customer enters an array.
There was a problem hiding this comment.
Changed the type definition
5 participants
Description
Creating a way for customers to explicitly set the access control on v2 HTTP functions. The access control is set at the function level, so different functions can have different access policies. The customer can choose to set access control to
public,private, or a custom service account. Access control is set in theonRequest({})options object, by setting the invoker property. To handle multiple service accounts, invoker can accept an array of strings.Code sample
export const myFunction = v2.https.onRequest({ invoker: 'private' }, (req, res) => { res.send("Done"); });