Initial merge of faas-containerd

This patch completes part of the work in #20 by porting the code for faas-containerd in-tree. When tested, I was able to deploy and then remove figlet from the store on `x86_64`. In a follow-up PR, duplication will be removed where possible and consolidated with updated documentation. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
2025-06-29 10:13:25 +00:00 · 2020-01-21 13:12:44 +00:00
parent cda1fe78b1
commit 42e9c91ee9
52 changed files with 5260 additions and 3 deletions
--- a/vendor/github.com/openfaas/faas-provider/auth/basic_auth.go
+++ b/vendor/github.com/openfaas/faas-provider/auth/basic_auth.go
@ -0,0 +1,30 @@
+// Copyright (c) OpenFaaS Author(s). All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+package auth
+
+import (
+	"crypto/subtle"
+	"net/http"
+)
+
+// DecorateWithBasicAuth enforces basic auth as a middleware with given credentials
+func DecorateWithBasicAuth(next http.HandlerFunc, credentials *BasicAuthCredentials) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		user, password, ok := r.BasicAuth()
+
+		const noMatch = 0
+		if !ok ||
+			user != credentials.User ||
+			subtle.ConstantTimeCompare([]byte(credentials.Password), []byte(password)) == noMatch {
+
+			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
+			w.WriteHeader(http.StatusUnauthorized)
+			w.Write([]byte("invalid credentials"))
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	}
+}
--- a/vendor/github.com/openfaas/faas-provider/auth/credentials.go
+++ b/vendor/github.com/openfaas/faas-provider/auth/credentials.go
@ -0,0 +1,66 @@
+// Copyright (c) OpenFaaS Author(s). All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+package auth
+
+import (
+	"fmt"
+	"io/ioutil"
+	"path"
+	"strings"
+)
+
+// BasicAuthCredentials for credentials
+type BasicAuthCredentials struct {
+	User     string
+	Password string
+}
+
+type ReadBasicAuth interface {
+	Read() (*BasicAuthCredentials, error)
+}
+
+type ReadBasicAuthFromDisk struct {
+	SecretMountPath string
+
+	UserFilename string
+
+	PasswordFilename string
+}
+
+func (r *ReadBasicAuthFromDisk) Read() (*BasicAuthCredentials, error) {
+	var credentials *BasicAuthCredentials
+
+	if len(r.SecretMountPath) == 0 {
+		return nil, fmt.Errorf("invalid SecretMountPath specified for reading secrets")
+	}
+
+	userKey := "basic-auth-user"
+	if len(r.UserFilename) > 0 {
+		userKey = r.UserFilename
+	}
+
+	passwordKey := "basic-auth-password"
+	if len(r.PasswordFilename) > 0 {
+		passwordKey = r.PasswordFilename
+	}
+
+	userPath := path.Join(r.SecretMountPath, userKey)
+	user, userErr := ioutil.ReadFile(userPath)
+	if userErr != nil {
+		return nil, fmt.Errorf("unable to load %s", userPath)
+	}
+
+	userPassword := path.Join(r.SecretMountPath, passwordKey)
+	password, passErr := ioutil.ReadFile(userPassword)
+	if passErr != nil {
+		return nil, fmt.Errorf("Unable to load %s", userPassword)
+	}
+
+	credentials = &BasicAuthCredentials{
+		User:     strings.TrimSpace(string(user)),
+		Password: strings.TrimSpace(string(password)),
+	}
+
+	return credentials, nil
+}