mirror of
https://github.com/openfaas/faas.git
synced 2025-06-08 16:26:47 +00:00
- PR #929 introduced the ability to generate passwords for the gateway admin user, this is a good step forwards for Windows users. It did introduce an inconsistency in the format that passwords are stored by not using a form of hashing. Hashing of secrets is used extensively within OpenFaaS/OpenFaaS Cloud whether with Swarm or Kubernetes via helm. If there are concerns about using a hashed value for a password I would suggest raising an issue to track this and have any decision we make applied for all users (not just PowerShell users). As a compromise I've introduced hashing by default and added a new flag called -noHash which can be used to replicate the behaviour of the original PR. After feedback from other contributors I also looked into whether the flag syntax could match the existing syntax but left this as is. Bash will use --no-auth and PowerShell will use --noAuth. This was tested on Docker Swarm on Windows. Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
93 lines
2.5 KiB
PowerShell
93 lines
2.5 KiB
PowerShell
#!ps1
|
|
|
|
param (
|
|
[switch] $noAuth,
|
|
[switch] $noHash,
|
|
[switch] $n,
|
|
[switch] $help,
|
|
[switch] $h
|
|
)
|
|
|
|
if ($help -Or $h) {
|
|
Write-Host "Usage: "
|
|
Write-Host " [default]`tdeploy the OpenFaaS core services"
|
|
Write-Host " -noAuth [-n]`tdisable basic authentication"
|
|
Write-Host " -noHash`tprevents the password from being hashed (optional)"
|
|
Write-Host " -help [-h]`tdisplays this screen"
|
|
Exit
|
|
}
|
|
|
|
if (Get-Command docker -errorAction SilentlyContinue)
|
|
{
|
|
docker node ls 2>&1 | out-null
|
|
if(-Not $?)
|
|
{
|
|
throw "Docker not in swarm mode, please initialise the cluster (`docker swarm init`) and retry"
|
|
}
|
|
|
|
# AE: would be nice to avoid this dependency.
|
|
Add-Type -AssemblyName System.Web
|
|
$password = [System.Web.Security.Membership]::GeneratePassword(24,5)
|
|
$secret = ""
|
|
|
|
if (-Not $noHash)
|
|
{
|
|
$sha256 = [System.Security.Cryptography.HashAlgorithm]::Create('sha256')
|
|
$hash = $sha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($password))
|
|
|
|
$secret = [System.BitConverter]::ToString($hash).Replace('-', '').toLower()
|
|
} else {
|
|
$secret =$password
|
|
}
|
|
|
|
$user = 'admin'
|
|
|
|
Write-Host "Attempting to create credentials for gateway.."
|
|
$user_secret = "basic-auth-user"
|
|
docker secret inspect $user_secret 2>&1 | out-null
|
|
if($?)
|
|
{
|
|
Write-Host "$user_secret secret exists"
|
|
}
|
|
else
|
|
{
|
|
$user | docker secret create $user_secret - | out-null
|
|
}
|
|
|
|
$password_secret = "basic-auth-password"
|
|
docker secret inspect $password_secret 2>&1 | out-null
|
|
if($?)
|
|
{
|
|
Write-Host "$password_secret secret exists"
|
|
}
|
|
else
|
|
{
|
|
$secret | docker secret create $password_secret - | out-null
|
|
Write-Host "[Credentials]"
|
|
Write-Host " username: admin"
|
|
Write-Host " password: $secret"
|
|
Write-Host " Write-Output `"$secret`" | faas-cli login --username=$user --password-stdin"
|
|
}
|
|
|
|
if ($noAuth -Or $n) {
|
|
Write-Host ""
|
|
Write-Host "Disabling basic authentication for gateway.."
|
|
Write-Host ""
|
|
$env:BASIC_AUTH="false";
|
|
}
|
|
else
|
|
{
|
|
Write-Host ""
|
|
Write-Host "Enabling basic authentication for gateway.."
|
|
Write-Host ""
|
|
}
|
|
|
|
Write-Host "Deploying OpenFaaS core services"
|
|
docker stack deploy func --compose-file ./docker-compose.yml --orchestrator swarm
|
|
}
|
|
else
|
|
{
|
|
throw "Unable to find docker command, please install Docker (https://www.docker.com/) and retry"
|
|
}
|
|
|