Commit ee3750f

Enable basic-auth by default
The deployment script will enable basic-auth by default to help avoid people deploying to a public IP with no protection from malicious actors.

- In deploy_stack.sh /dev/random can hang on some systems, so using urandom will give a better experience, if less "random" data. For the purposes of creating an initial basic auth password this is sufficient.
- Alpine Linux does not have the shasum command, but sha256sum.
- Tested on MacOS with and without --no-auth flag.
- Does not apply for armhf or powershell.

BASIC_AUTH env-var added by Vivek Syngh @viveksyngh

Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
1 parent e6a3658 commit ee3750f

1 file changed

+46
-2
lines changed

deploy_stack.sh

Lines changed: 46 additions & 2 deletions
@@ -5,6 +5,50 @@ if ! [ -x "$(command -v docker)" ]; then
55
exit 1
66
fi
77

8-
echo "Deploying stack"
9-
docker stack deploy func --compose-file docker-compose.yml
8+
export BASIC_AUTH="true"
9+
10+
sha_cmd="shasum -a 256"
11+
if ! command -v shasum >/dev/null; then
12+
sha_cmd="sha256sum"
13+
fi
14+
15+
while [ ! $# -eq 0 ]
16+
do
17+
case "$1" in
18+
--no-auth | -n)
19+
export BASIC_AUTH="false"
20+
;;
21+
--help | -h)
22+
echo "Usage: \n [default]\tdeploy the OpenFaaS core services\n --no-auth [-n]\tdisable basic authentication.\n --help\tdisplays this screen"
23+
exit
24+
;;
25+
esac
26+
shift
27+
done
28+
29+
# Secrets should be created even if basic-auth is disabled.
30+
echo "Attempting to create credentials for gateway.."
31+
echo "admin" | docker secret create basic-auth-user -
32+
secret=$(head -c 16 /dev/urandom| $sha_cmd | cut -d " " -f 1)
33+
echo "$secret" | docker secret create basic-auth-password -
34+
if [ $? = 0 ];
35+
then
36+
echo "[Credentials]\n username: admin \n password: $secret\n echo -n "$secret" | faas-cli login --username=admin --password-stdin"
37+
else
38+
echo "[Credentials]\n already exist, not creating"
39+
fi
40+
41+
if [ $BASIC_AUTH = "true" ];
42+
then
43+
echo ""
44+
echo "Enabling basic authentication for gateway.."
45+
echo ""
46+
else
47+
echo ""
48+
echo "Disabling basic authentication for gateway.."
49+
echo ""
50+
fi
1051

52+
echo "Deploying OpenFaaS core services"
53+
54+
docker stack deploy func --compose-file docker-compose.yml
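
Review bot: The messages on new lines 22, 36 and 38 depend on `echo` expanding `\n` and `\t`, which varies by shell: bash's builtin `echo` prints the escapes literally unless it is called with `-e`, so the credentials block can come out as a single line with visible backslashes. `printf` behaves the same everywhere, for example `printf '[Credentials]\n username: admin\n password: %s\n' "$secret"`. On line 36 the inner double quotes around `$secret` also close the outer string, so the printed `faas-cli login` hint loses its quotes; escape them or emit the hint with its own `printf`. Two smaller points: `[ $? = 0 ]` on line 34 reflects only the `basic-auth-password` creation, so a failure creating `basic-auth-user` on line 31 goes unreported, and `[ $BASIC_AUTH = "true" ]` on line 41 should quote the variable. The generated password is written to stdout, so any CI log or terminal capture wrapping this script will retain it; that deserves a sentence in the usage text or docs.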
