Enable hashed passwords with PowerShell

- PR #929 introduced the ability to generate passwords for the
gateway admin user, this is a good step forwards for Windows
users. It did introduce an inconsistency in the format that
passwords are stored by not using a form of hashing. Hashing
of secrets is used extensively within OpenFaaS/OpenFaaS Cloud
whether with Swarm or Kubernetes via helm. If there are
concerns about using a hashed value for a password I would
suggest raising an issue to track this and have any decision
we make applied for all users (not just PowerShell users).

As a  compromise I've introduced hashing by default and added
a new flag called -noHash which can be used to replicate the
behaviour of the original PR.

After feedback from other contributors I also looked into whether
the flag syntax could match the existing syntax but left this as
is. Bash will use --no-auth and PowerShell will use --noAuth.

This was tested on Docker Swarm on Windows.

Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

deploy_stack.ps1

@@ -1,76 +1,92 @@
-#!ps1
+#!ps1
-
+
-param (
+param (
-    [switch] $noAuth,
+    [switch] $noAuth,
-    [switch] $n,
+    [switch] $noHash,
-    [switch] $help,
+    [switch] $n,
-    [switch] $h
+    [switch] $help,
-)
+    [switch] $h
-
+)
-if ($help -Or $h) {
+
-    Write-Host "Usage: "
+if ($help -Or $h) {
-    Write-Host " [default]`tdeploy the OpenFaaS core services"
+    Write-Host "Usage: "
-    Write-Host " -noAuth [-n]`tdisable basic authentication"
+    Write-Host " [default]`tdeploy the OpenFaaS core services"
-    Write-Host " -help [-h]`tdisplays this screen"
+    Write-Host " -noAuth [-n]`tdisable basic authentication"
-    Exit
+    Write-Host " -noHash`tprevents the password from being hashed (optional)"
-}
+    Write-Host " -help [-h]`tdisplays this screen"
-
+    Exit
-if (Get-Command docker -errorAction SilentlyContinue)
+}
-{
+
-    docker node ls 2>&1 | out-null
+if (Get-Command docker -errorAction SilentlyContinue)
-    if(-Not $?)
+{
-    {
+    docker node ls 2>&1 | out-null
-        throw "Docker not in swarm mode, please initialise the cluster (`docker swarm init`) and retry"
+    if(-Not $?)
-    }
+    {
-
+        throw "Docker not in swarm mode, please initialise the cluster (`docker swarm init`) and retry"
-    Add-Type -AssemblyName System.Web
+    }
-    $secret = [System.Web.Security.Membership]::GeneratePassword(24,5)
+
-    $user = 'admin'
+    # AE: would be nice to avoid this dependency.
-
+    Add-Type -AssemblyName System.Web
-    Write-Host "Attempting to create credentials for gateway.."
+    $password = [System.Web.Security.Membership]::GeneratePassword(24,5)
-    $user_secret = "basic-auth-user"
+    $secret = ""
-    docker secret inspect $user_secret 2>&1 | out-null
+
-    if($?)
+    if (-Not $noHash)
-    {
+    {
-        Write-Host "$user_secret secret exists"
+        $sha256 = [System.Security.Cryptography.HashAlgorithm]::Create('sha256')
-    }
+        $hash = $sha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($password))
-    else
+
-    {
+        $secret = [System.BitConverter]::ToString($hash).Replace('-', '').toLower()
-        $user | docker secret create $user_secret - | out-null
+    } else {
-    }
+        $secret =$password 
-
+    }
-    $password_secret = "basic-auth-password"
+
-    docker secret inspect $password_secret 2>&1 | out-null
+    $user = 'admin'
-    if($?)
+
-    {
+    Write-Host "Attempting to create credentials for gateway.."
-        Write-Host "$password_secret secret exists"
+    $user_secret = "basic-auth-user"
-    }
+    docker secret inspect $user_secret 2>&1 | out-null
-    else
+    if($?)
-    {
+    {
-        $secret | docker secret create $password_secret - | out-null
+        Write-Host "$user_secret secret exists"
-        Write-Host "[Credentials]"
+    }
-        Write-Host " username: admin"
+    else
-        Write-Host " password: $secret"
+    {
-        Write-Host " Write-Output `"$secret`" | faas-cli login --username=$user --password-stdin"
+        $user | docker secret create $user_secret - | out-null
-    }
+    }
-    
+
-    if ($noAuth -Or $n) {
+    $password_secret = "basic-auth-password"
-        Write-Host ""
+    docker secret inspect $password_secret 2>&1 | out-null
-        Write-Host "Disabling basic authentication for gateway.."
+    if($?)
-        Write-Host ""
+    {
-        $env:BASIC_AUTH="false";
+        Write-Host "$password_secret secret exists"
-    }
+    }
-    else 
+    else
-    {
+    {
-        Write-Host ""
+        $secret | docker secret create $password_secret - | out-null
-        Write-Host "Enabling basic authentication for gateway.."
+        Write-Host "[Credentials]"
-        Write-Host ""
+        Write-Host " username: admin"
-    }
+        Write-Host " password: $secret"
-
+        Write-Host " Write-Output `"$secret`" | faas-cli login --username=$user --password-stdin"
-    Write-Host "Deploying OpenFaaS core services"
+    }
-    docker stack deploy func --compose-file ./docker-compose.yml
+
-}
+    if ($noAuth -Or $n) {
-else
+        Write-Host ""
-{
+        Write-Host "Disabling basic authentication for gateway.."
-    throw "Unable to find docker command, please install Docker (https://www.docker.com/) and retry"
+        Write-Host ""
-}
+        $env:BASIC_AUTH="false";
+    }
+    else 
+    {
+        Write-Host ""
+        Write-Host "Enabling basic authentication for gateway.."
+        Write-Host ""
+    }
+
+    Write-Host "Deploying OpenFaaS core services"
+    docker stack deploy func --compose-file ./docker-compose.yml  --orchestrator swarm
+}
+else
+{
+    throw "Unable to find docker command, please install Docker (https://www.docker.com/) and retry"
+}
+