Enable basic-auth by default #743
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,50 @@ if ! [ -x "$(command -v docker)" ]; then | |
| exit 1 | ||
| fi | ||
|
|
||
| export BASIC_AUTH="true" | ||
|
|
||
| sha_cmd="shasum -a 256" | ||
| if ! command -v shasum >/dev/null; then | ||
| sha_cmd="sha256sum" | ||
| fi | ||
|
|
||
| while [ ! $# -eq 0 ] | ||
| do | ||
| case "$1" in | ||
| --no-auth | -n) | ||
| export BASIC_AUTH="false" | ||
| ;; | ||
| --help | -h) | ||
| echo "Usage: \n [default]\tdeploy the OpenFaaS core services\n --no-auth [-n]\tdisable basic authentication.\n --help\tdisplays this screen" | ||
| exit | ||
| ;; | ||
| esac | ||
| shift | ||
| done | ||
|
|
||
| # Secrets should be created even if basic-auth is disabled. | ||
| echo "Attempting to create credentials for gateway.." | ||
| echo "admin" | docker secret create basic-auth-user - | ||
| secret=$(head -c 16 /dev/urandom| $sha_cmd | cut -d " " -f 1) | ||
|
There was a problem hiding this comment. Would be good if there is an easy way for the user to create own credentials or edit the password without the need to set-up secrets manually. What about passing and argument to There was a problem hiding this comment. Possibly in a follow-up PR. I think it's out of scope for this change. The user really must run the |
||
| echo "$secret" | docker secret create basic-auth-password - | ||
| if [ $? = 0 ]; | ||
| then | ||
| echo "[Credentials]\n username: admin \n password: $secret\n echo -n "$secret" | faas-cli login --username=admin --password-stdin" | ||
|
There was a problem hiding this comment. The Or even better, offer to do so on behalf of the user (if faas-cli is found on the path). There was a problem hiding this comment. You should also make very clear that the user should record/store the generated user credentials as they'll not be made available again. There was a problem hiding this comment. What context should we give about |
||
| else | ||
| echo "[Credentials]\n already exist, not creating" | ||
|
There was a problem hiding this comment. I'd be inclined to give the user the option to replace these secrets. Could be in a situation where they've been setup in the past but the user is no longer sure what they had been set to (cough me). There was a problem hiding this comment. How about There was a problem hiding this comment. How about something like this in the troubleshooting guide? |
||
| fi | ||
|
|
||
| if [ $BASIC_AUTH = "true" ]; | ||
| then | ||
| echo "" | ||
| echo "Enabling basic authentication for gateway.." | ||
| echo "" | ||
|
There was a problem hiding this comment. I think you need to include the Say for example you deploy a stack with There was a problem hiding this comment. What about using envvars in the compose file instead (https://docs.docker.com/compose/environment-variables/) set enabled=true/false in these conditionals then run the final deploy with: There was a problem hiding this comment. I prefer the env-var approach with a default set. |
||
| else | ||
| echo "" | ||
| echo "Disabling basic authentication for gateway.." | ||
| echo "" | ||
| fi | ||
|
|
||
| echo "Deploying OpenFaaS core services" | ||
|
There was a problem hiding this comment. For consistency you'd want the ellipsis at the end of this output. |
||
|
|
||
| docker stack deploy func --compose-file docker-compose.yml | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rgee0 this sets the value to true