Enable custom filename for auth credentials

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
This commit is contained in:
Alex Ellis 2019-06-08 10:12:37 +01:00
parent d6b3847fbd
commit 16aba728c7
5 changed files with 28 additions and 37 deletions

View File

@ -2,12 +2,12 @@
[[projects]] [[projects]]
digest = "1:deb76da5396c9f641ddea9ca79e31a14bdb09c787cdfda90488768b7539b1fd6" digest = "1:57ef1eb08e128d58c028f402b2030582907c49efc461f4764cf5c9161a4af2c0"
name = "github.com/openfaas/faas-provider" name = "github.com/openfaas/faas-provider"
packages = ["auth"] packages = ["auth"]
pruneopts = "UT" pruneopts = "UT"
revision = "6a76a052deb12fd94b373c082963d8a8ad44d4d1" revision = "376c26ef02007abb7cadbd550bb75df166764473"
version = "0.9.0" version = "0.9.1"
[[projects]] [[projects]]
digest = "1:cf31692c14422fa27c83a05292eb5cbe0fb2775972e8f1f8446a71549bd8980b" digest = "1:cf31692c14422fa27c83a05292eb5cbe0fb2775972e8f1f8446a71549bd8980b"

View File

@ -1,33 +1,6 @@
# Gopkg.toml example
#
# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
# name = "github.com/user/project"
# version = "1.0.0"
#
# [[constraint]]
# name = "github.com/user/project2"
# branch = "dev"
# source = "github.com/myfork/project2"
#
# [[override]]
# name = "github.com/x/y"
# version = "2.4.0"
#
# [prune]
# non-go = false
# go-tests = true
# unused-packages = true
[[constraint]] [[constraint]]
name = "github.com/openfaas/faas-provider" name = "github.com/openfaas/faas-provider"
version = "0.9.0" version = "0.9.1"
[prune] [prune]
go-tests = true go-tests = true

View File

@ -5,7 +5,9 @@ This component implements [Basic Authentication](https://en.wikipedia.org/wiki/B
To run this plugin you will need to create and bind a secret named `basic-auth-user` and `basic-auth-password` To run this plugin you will need to create and bind a secret named `basic-auth-user` and `basic-auth-password`
| Option | Usage | | Option | Usage |
|------------------------|--------------| |---------------------------------|--------------|
| `port` | Set the HTTP port | | `port` | Set the HTTP port |
| `secret_mount_path` | It is recommended that this is set to `/var/openfaas/secrets` | | `secret_mount_path` | It is recommended that this is set to `/var/openfaas/secrets` |
| `user_filename` | File to read from disk for username, default empty |
| `pass_filename` | File to read from disk for username, default empty |

View File

@ -32,7 +32,9 @@ func main() {
} }
credentialsReader := auth.ReadBasicAuthFromDisk{ credentialsReader := auth.ReadBasicAuthFromDisk{
SecretMountPath: os.Getenv("secret_mount_path"), SecretMountPath: os.Getenv("secret_mount_path"),
UserFilename: os.Getenv("user_filename"),
PasswordFilename: os.Getenv("pass_filename"),
} }
credentials, err := credentialsReader.Read() credentials, err := credentialsReader.Read()

View File

@ -22,6 +22,10 @@ type ReadBasicAuth interface {
type ReadBasicAuthFromDisk struct { type ReadBasicAuthFromDisk struct {
SecretMountPath string SecretMountPath string
UserFilename string
PasswordFilename string
} }
func (r *ReadBasicAuthFromDisk) Read() (*BasicAuthCredentials, error) { func (r *ReadBasicAuthFromDisk) Read() (*BasicAuthCredentials, error) {
@ -31,13 +35,23 @@ func (r *ReadBasicAuthFromDisk) Read() (*BasicAuthCredentials, error) {
return nil, fmt.Errorf("invalid SecretMountPath specified for reading secrets") return nil, fmt.Errorf("invalid SecretMountPath specified for reading secrets")
} }
userPath := path.Join(r.SecretMountPath, "basic-auth-user") userKey := "basic-auth-user"
if len(r.UserFilename) > 0 {
userKey = r.UserFilename
}
passwordKey := "basic-auth-password"
if len(r.PasswordFilename) > 0 {
passwordKey = r.PasswordFilename
}
userPath := path.Join(r.SecretMountPath, userKey)
user, userErr := ioutil.ReadFile(userPath) user, userErr := ioutil.ReadFile(userPath)
if userErr != nil { if userErr != nil {
return nil, fmt.Errorf("unable to load %s", userPath) return nil, fmt.Errorf("unable to load %s", userPath)
} }
userPassword := path.Join(r.SecretMountPath, "basic-auth-password") userPassword := path.Join(r.SecretMountPath, passwordKey)
password, passErr := ioutil.ReadFile(userPassword) password, passErr := ioutil.ReadFile(userPassword)
if passErr != nil { if passErr != nil {
return nil, fmt.Errorf("Unable to load %s", userPassword) return nil, fmt.Errorf("Unable to load %s", userPassword)