Enable basic-auth by default

The deployment script will enable basic-auth by default to help avoid people deploying to a public IP with no protection from malicious actors. - In deploy_stash.sh /dev/random can hang on some systems, so using urandom will give a better experience, if less "random" data. For the purposes of creating an initial basic auth password this is sufficient. - Alpine Linux does not have the shasum command, but sha256sum. - Tested on MacOS with and without --no-auth flag. - Does not apply for armhf or powershell. BASIC_AUTH env-var added by Vivek Syngh @viveksyngh Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

Enable basic-auth by default
6b7f2fc0 · Alex Ellis (VMware) · Alex Ellis · 00c93f2d · 6b7f2fc0
Commit 6b7f2fc0 authored 6 years ago by Alex Ellis (VMware) Committed by Alex Ellis 6 years ago
--- a/deploy_stack.sh
+++ b/deploy_stack.sh
@@ -5,6 +5,50 @@ if ! [ -x "$(command -v docker)" ]; then
  exit 1
 fi

-echo "Deploying stack"
-docker stack deploy func --compose-file docker-compose.yml
+export BASIC_AUTH="true"
+
+sha_cmd="shasum -a 256"
+if ! command -v shasum >/dev/null; then
+  sha_cmd="sha256sum"
+fi
+
+while [ ! $# -eq 0 ]
+do
+	case "$1" in
+		--no-auth | -n)
+			export BASIC_AUTH="false"
+			;;
+    --help | -h)
+			echo "Usage: \n [default]\tdeploy the OpenFaaS core services\n --no-auth [-n]\tdisable basic authentication.\n --help\tdisplays this screen"
+      exit
+			;;
+	esac
+	shift
+done
+
+# Secrets should be created even if basic-auth is disabled.
+echo "Attempting to create credentials for gateway.."
+echo "admin" | docker secret create basic-auth-user -
+secret=$(head -c 16 /dev/urandom| $sha_cmd | cut -d " " -f 1)
+echo "$secret" | docker secret create basic-auth-password -
+if [ $? = 0 ];
+then
+  echo "[Credentials]\n username: admin \n password: $secret\n echo -n "$secret" | faas-cli login --username=admin --password-stdin"
+else
+  echo "[Credentials]\n already exist, not creating"
+fi
+
+if [ $BASIC_AUTH = "true" ];
+then
+  echo ""
+  echo "Enabling basic authentication for gateway.."
+  echo ""
+else
+  echo ""
+  echo "Disabling basic authentication for gateway.."
+  echo ""
+fi

+echo "Deploying OpenFaaS core services"
+
+docker stack deploy func --compose-file docker-compose.yml