Enable custom filename for auth credentials

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
This commit is contained in:
Alex Ellis 2019-06-08 10:12:37 +01:00
parent d6b3847fbd
commit 16aba728c7
5 changed files with 28 additions and 37 deletions

View File

@ -2,12 +2,12 @@
[[projects]]
digest = "1:deb76da5396c9f641ddea9ca79e31a14bdb09c787cdfda90488768b7539b1fd6"
digest = "1:57ef1eb08e128d58c028f402b2030582907c49efc461f4764cf5c9161a4af2c0"
name = "github.com/openfaas/faas-provider"
packages = ["auth"]
pruneopts = "UT"
revision = "6a76a052deb12fd94b373c082963d8a8ad44d4d1"
version = "0.9.0"
revision = "376c26ef02007abb7cadbd550bb75df166764473"
version = "0.9.1"
[[projects]]
digest = "1:cf31692c14422fa27c83a05292eb5cbe0fb2775972e8f1f8446a71549bd8980b"

View File

@ -1,33 +1,6 @@
# Gopkg.toml example
#
# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
# name = "github.com/user/project"
# version = "1.0.0"
#
# [[constraint]]
# name = "github.com/user/project2"
# branch = "dev"
# source = "github.com/myfork/project2"
#
# [[override]]
# name = "github.com/x/y"
# version = "2.4.0"
#
# [prune]
# non-go = false
# go-tests = true
# unused-packages = true
[[constraint]]
name = "github.com/openfaas/faas-provider"
version = "0.9.0"
version = "0.9.1"
[prune]
go-tests = true

View File

@ -5,7 +5,9 @@ This component implements [Basic Authentication](https://en.wikipedia.org/wiki/B
To run this plugin you will need to create and bind a secret named `basic-auth-user` and `basic-auth-password`
| Option | Usage |
|------------------------|--------------|
| `port` | Set the HTTP port |
| Option | Usage |
|---------------------------------|--------------|
| `port` | Set the HTTP port |
| `secret_mount_path` | It is recommended that this is set to `/var/openfaas/secrets` |
| `user_filename` | File to read from disk for username, default empty |
| `pass_filename` | File to read from disk for username, default empty |

View File

@ -32,7 +32,9 @@ func main() {
}
credentialsReader := auth.ReadBasicAuthFromDisk{
SecretMountPath: os.Getenv("secret_mount_path"),
SecretMountPath: os.Getenv("secret_mount_path"),
UserFilename: os.Getenv("user_filename"),
PasswordFilename: os.Getenv("pass_filename"),
}
credentials, err := credentialsReader.Read()

View File

@ -22,6 +22,10 @@ type ReadBasicAuth interface {
type ReadBasicAuthFromDisk struct {
SecretMountPath string
UserFilename string
PasswordFilename string
}
func (r *ReadBasicAuthFromDisk) Read() (*BasicAuthCredentials, error) {
@ -31,13 +35,23 @@ func (r *ReadBasicAuthFromDisk) Read() (*BasicAuthCredentials, error) {
return nil, fmt.Errorf("invalid SecretMountPath specified for reading secrets")
}
userPath := path.Join(r.SecretMountPath, "basic-auth-user")
userKey := "basic-auth-user"
if len(r.UserFilename) > 0 {
userKey = r.UserFilename
}
passwordKey := "basic-auth-password"
if len(r.PasswordFilename) > 0 {
passwordKey = r.PasswordFilename
}
userPath := path.Join(r.SecretMountPath, userKey)
user, userErr := ioutil.ReadFile(userPath)
if userErr != nil {
return nil, fmt.Errorf("unable to load %s", userPath)
}
userPassword := path.Join(r.SecretMountPath, "basic-auth-password")
userPassword := path.Join(r.SecretMountPath, passwordKey)
password, passErr := ioutil.ReadFile(userPassword)
if passErr != nil {
return nil, fmt.Errorf("Unable to load %s", userPassword)