From f61735b1556657c9131c9497fee2548cea35d388 Mon Sep 17 00:00:00 2001
From: Lucas Roesler <roesler.lucas@gmail.com>
Date: Tue, 22 Jan 2019 21:43:38 +0100
Subject: [PATCH] Add basic auth to the system alert endpoint

**What**
- Protect the `/system/alert` endpoint when basic auth is enabled
- Update the alert manager config to send the basic auth credentials
- Bump the gateway version

Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
---
 docker-compose.arm64.yml    | 2 +-
 docker-compose.armhf.yml    | 5 +++--
 docker-compose.yml          | 4 +++-
 gateway/server.go           | 2 ++
 prometheus/alertmanager.yml | 4 ++++
 5 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/docker-compose.arm64.yml b/docker-compose.arm64.yml
index f0017799..a9f83dcc 100644
--- a/docker-compose.arm64.yml
+++ b/docker-compose.arm64.yml
@@ -5,7 +5,7 @@ services:
             - "/var/run/docker.sock:/var/run/docker.sock"
         ports:
             - 8080:8080
-        image: functions/gateway:0.7.0-arm64
+        image: functions/gateway:0.10.0-arm64
         networks:
             - functions
         environment:
diff --git a/docker-compose.armhf.yml b/docker-compose.armhf.yml
index fafea440..13901d86 100644
--- a/docker-compose.armhf.yml
+++ b/docker-compose.armhf.yml
@@ -3,7 +3,7 @@ services:
     gateway:
         ports:
             - 8080:8080
-        image: openfaas/gateway:0.9.14-armhf
+        image: openfaas/gateway:0.10.0-armhf
         networks:
             - functions
         environment:
@@ -169,7 +169,8 @@ services:
         configs:
             - source: alertmanager_config
               target: /alertmanager.yml
-
+        secrets:
+            - basic-auth-password
 
 configs:
      prometheus_config:
diff --git a/docker-compose.yml b/docker-compose.yml
index 44f43f2c..81f194aa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ services:
     gateway:
         ports:
             - 8080:8080
-        image: openfaas/gateway:0.9.14
+        image: openfaas/gateway:0.10.0
         networks:
             - functions
         environment:
@@ -173,6 +173,8 @@ services:
         configs:
             - source: alertmanager_config
               target: /alertmanager.yml
+        secrets:
+            - basic-auth-password
 
 
 configs:
diff --git a/gateway/server.go b/gateway/server.go
index 9ccfaaf9..c9a7ab0f 100644
--- a/gateway/server.go
+++ b/gateway/server.go
@@ -126,6 +126,8 @@ func main() {
 	faasHandlers.ScaleFunction = handlers.MakeForwardingProxyHandler(reverseProxy, forwardingNotifiers, urlResolver, nilURLTransformer)
 
 	if credentials != nil {
+		faasHandlers.Alert =
+			auth.DecorateWithBasicAuth(faasHandlers.Alert, credentials)
 		faasHandlers.UpdateFunction =
 			auth.DecorateWithBasicAuth(faasHandlers.UpdateFunction, credentials)
 		faasHandlers.DeleteFunction =
diff --git a/prometheus/alertmanager.yml b/prometheus/alertmanager.yml
index 491c75ff..182a07b3 100644
--- a/prometheus/alertmanager.yml
+++ b/prometheus/alertmanager.yml
@@ -20,3 +20,7 @@ receivers:
   webhook_configs:
     - url: http://gateway:8080/system/alert
       send_resolved: true
+      http_config:
+            basic_auth:
+              username: admin
+              password_file: /run/secrets/basic-auth-password