Permalink
Browse files

Enable basic-auth by default

The deployment script will enable basic-auth by default to help
avoid people deploying to a public IP with no protection from
malicious actors.

- In deploy_stash.sh /dev/random can hang on some systems, so using
  urandom will give a better experience, if less "random" data.
  For the purposes of creating an initial basic auth password this
  is sufficient.
- Alpine Linux does not have the shasum command, but sha256sum.
- Tested on MacOS with and without --no-auth flag.
- Does not apply for armhf or powershell.

BASIC_AUTH env-var added by Vivek Syngh @viveksyngh

Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
  • Loading branch information...
alexellis committed Jul 13, 2018
1 parent 00c93f2 commit 6b7f2fc0a17df275f3195448949cd0ed6f2667a9
Showing with 46 additions and 2 deletions.
  1. +46 −2 deploy_stack.sh
@@ -5,6 +5,50 @@ if ! [ -x "$(command -v docker)" ]; then
exit 1
fi
echo "Deploying stack"
docker stack deploy func --compose-file docker-compose.yml
export BASIC_AUTH="true"
sha_cmd="shasum -a 256"
if ! command -v shasum >/dev/null; then
sha_cmd="sha256sum"
fi
while [ ! $# -eq 0 ]
do
case "$1" in
--no-auth | -n)
export BASIC_AUTH="false"
;;
--help | -h)
echo "Usage: \n [default]\tdeploy the OpenFaaS core services\n --no-auth [-n]\tdisable basic authentication.\n --help\tdisplays this screen"
exit
;;
esac
shift
done
# Secrets should be created even if basic-auth is disabled.
echo "Attempting to create credentials for gateway.."
echo "admin" | docker secret create basic-auth-user -
secret=$(head -c 16 /dev/urandom| $sha_cmd | cut -d " " -f 1)
echo "$secret" | docker secret create basic-auth-password -
if [ $? = 0 ];
then
echo "[Credentials]\n username: admin \n password: $secret\n echo -n "$secret" | faas-cli login --username=admin --password-stdin"
else
echo "[Credentials]\n already exist, not creating"
fi
if [ $BASIC_AUTH = "true" ];
then
echo ""
echo "Enabling basic authentication for gateway.."
echo ""
else
echo ""
echo "Disabling basic authentication for gateway.."
echo ""
fi
echo "Deploying OpenFaaS core services"
docker stack deploy func --compose-file docker-compose.yml

0 comments on commit 6b7f2fc

Please sign in to comment.