Add unit test for proxy and shutdown channel

* Proxy has initial unit test and more can be added
* Shutdown channel and cancellation added for proper shutdown of
the proxy

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>

.github/CODEOWNERS

@@ -0,0 +1 @@
+@alexellis

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,41 @@
+<!--- Provide a general summary of the issue in the Title above -->
+
+## Expected Behaviour
+<!--- If you're describing a bug, tell us what should happen -->
+<!--- If you're suggesting a change/improvement, tell us how it should work -->
+
+## Current Behaviour
+<!--- If describing a bug, tell us what happens instead of the expected behavior -->
+<!--- If suggesting a change/improvement, explain the difference from current behavior -->
+
+## Possible Solution
+<!--- Not obligatory, but suggest a fix/reason for the bug, -->
+<!--- or ideas how to implement the addition or change -->
+
+## Steps to Reproduce (for bugs)
+<!--- Provide a link to a live example, or an unambiguous set of steps to -->
+<!--- reproduce this bug. Include code to reproduce, if relevant -->
+1.
+2.
+3.
+4.
+
+## Context
+<!--- How has this issue affected you? What are you trying to accomplish? -->
+<!--- Providing context helps us come up with a solution that is most useful in the real world -->
+
+## Your Environment
+
+* OS and architecture:
+
+* Versions:
+
+```sh
+go version
+
+containerd -version
+
+uname -a
+
+cat /etc/os-release
+```

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,40 @@
+<!--- Provide a general summary of your changes in the Title above -->
+
+## Description
+<!--- Describe your changes in detail -->
+
+## Motivation and Context
+<!--- Why is this change required? What problem does it solve? -->
+<!--- If it fixes an open issue, please link to the issue here. -->
+- [ ] I have raised an issue to propose this change **this is required**
+
+
+## How Has This Been Tested?
+<!--- Please describe in detail how you tested your changes. -->
+<!--- Include details of your testing environment, and the tests you ran to -->
+<!--- see how your change affects other areas of the code, etc. -->
+
+
+## Types of changes
+<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to change)
+
+## Checklist:
+
+Commits:
+
+- [ ] I've read the [CONTRIBUTION](https://github.com/openfaas/faas/blob/master/CONTRIBUTING.md) guide
+- [ ] My commit message has a body and describe how this was tested and why it is required.
+- [ ] I have signed-off my commits with `git commit -s` for the Developer Certificate of Origin (DCO)
+
+Code:
+
+- [ ] My code follows the code style of this project.
+- [ ] I have added tests to cover my changes.
+
+Docs:
+
+- [ ] My change requires a change to the documentation.
+- [ ] I have updated the documentation accordingly.

.gitignore

@@ -1,3 +1,7 @@
 /faasd
 hosts
 /resolv.conf
+.idea/
+
+basic-auth-user
+basic-auth-password

Gopkg.lock

@@ -273,6 +273,14 @@
   revision = "ba968bfe8b2f7e042a574c888954fccecfa385b4"
   version = "v0.8.1"
 
+[[projects]]
+  digest = "1:044c51736e2688a3e4f28f72537f8a7b3f9c188fab4477d5334d92dfe2c07ed5"
+  name = "github.com/sethvargo/go-password"
+  packages = ["password"]
+  pruneopts = "UT"
+  revision = "07c3d521e892540e71469bb0312866130714c038"
+  version = "v0.1.3"
+
 [[projects]]
   digest = "1:fd61cf4ae1953d55df708acb6b91492d538f49c305b364a014049914495db426"
   name = "github.com/sirupsen/logrus"
@@ -466,6 +474,7 @@
     "github.com/containerd/containerd/oci",
     "github.com/morikuni/aec",
     "github.com/opencontainers/runtime-spec/specs-go",
+    "github.com/sethvargo/go-password/password",
     "github.com/spf13/cobra",
     "github.com/vishvananda/netlink",
     "github.com/vishvananda/netns",

Gopkg.toml

@@ -21,3 +21,7 @@
 [prune]
   go-tests = true
   unused-packages = true
+
+[[constraint]]
+  name = "github.com/sethvargo/go-password"
+  version = "0.1.3"

Makefile

@@ -1,6 +1,6 @@
 Version := $(shell git describe --tags --dirty)
 GitCommit := $(shell git rev-parse HEAD)
-LDFLAGS := "-s -w -X pkg.Version=$(Version) -X pkg.GitCommit=$(GitCommit)"
+LDFLAGS := "-s -w -X main.Version=$(Version) -X main.GitCommit=$(GitCommit)"
 
 .PHONY: all
 all: local

README.md

@@ -30,21 +30,31 @@ Other operations are pending development in the provider.
 
 ### Pre-reqs
 
-* Linux - ideally Ubuntu, which is used for testing
+* Linux
+
+    PC / Cloud - any Linux that containerd works on should be fair game, but faasd is tested with Ubuntu 18.04
+
+    For Raspberry Pi Raspbian Stretch or newer also works fine
+
+    For MacOS users try [multipass.run](https://multipass.run) or [Vagrant](https://www.vagrantup.com/)
+
+    For Windows users, install [Git Bash](https://git-scm.com/downloads) along with multipass or vagrant. You can also use WSL1 or WSL2 which provides a Linux environment.
+
 * Installation steps as per [faas-containerd](https://github.com/alexellis/faas-containerd) for building and for development
     * [netns](https://github.com/genuinetools/netns/releases) binary in `$PATH`
     * [containerd v1.3.2](https://github.com/containerd/containerd)
+
 * [faas-cli](https://github.com/openfaas/faas-cli) (optional)
 
 ## Backlog
 
 Pending:
 
-* [ ] Configure `basic_auth` to protect the OpenFaaS gateway and faas-containerd HTTP API
 * [ ] Use CNI to create network namespaces and adapters
 * [ ] Monitor and restart any of the core components at runtime if the container stops
 * [ ] Bundle/package/automate installation of containerd - [see bootstrap from k3s](https://github.com/rancher/k3s)
 * [ ] Provide ufw rules / example for blocking access to everything but a reverse proxy to the gateway container
+* [ ] Provide [simple Caddyfile example](https://blog.alexellis.io/https-inlets-local-endpoints/) in the README showing how to expose the faasd proxy on port 80/443 with TLS
 
 Done:
 
@@ -55,6 +65,13 @@ Done:
 * [x] Restart containers upon restart of faasd
 * [x] Clear / remove containers and tasks with SIGTERM / SIGINT
 * [x] Determine armhf/arm64 containers to run for gateway
+* [x] Configure `basic_auth` to protect the OpenFaaS gateway and faas-containerd HTTP API
+
+## Tutorial: Get started on armhf / Raspberry Pi
+
+You can run this tutorial on your Raspberry Pi, or adapt the steps for a regular Linux VM/VPS host.
+
+* [faasd - lightweight Serverless for your Raspberry Pi](https://blog.alexellis.io/faasd-for-lightweight-serverless/)
 
 ## Hacking (build from source)
 
@@ -86,17 +103,17 @@ go build
 
 ```sh
 # For x86_64
-sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.2.5/faasd" \
+sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.4.2/faasd" \
     -o "/usr/local/bin/faasd" \
     && sudo chmod a+x "/usr/local/bin/faasd"
 
 # armhf
-sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.2.5/faasd-armhf" \
+sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.4.2/faasd-armhf" \
     -o "/usr/local/bin/faasd" \
     && sudo chmod a+x "/usr/local/bin/faasd"
 
 # arm64
-sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.2.5/faasd-arm64" \
+sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.4.2/faasd-arm64" \
     -o "/usr/local/bin/faasd" \
     && sudo chmod a+x "/usr/local/bin/faasd"
 ```
@@ -123,6 +140,11 @@ Since faas-containerd uses containerd heavily it is not running as a container,
 
 * Now go to the gateway's IP address as shown above on port 8080, i.e. http://172.19.0.3:8080 - you can also use this address to deploy OpenFaaS Functions via the `faas-cli`. 
 
+* basic-auth
+
+    You will then need to get the basic-auth password, it is written to `$GOPATH/src/github.com/alexellis/faasd/basic-auth-password` if you followed the above instructions.
+The default Basic Auth username is `admin`, which is written to `$GOPATH/src/github.com/alexellis/faasd/basic-auth-user`, if you wish to use a non-standard user then create this file and add your username (no newlines or other characters) 
+
 #### Installation with systemd
 
 * `faasd install` - install faasd and containerd with systemd, run in `$GOPATH/src/github.com/alexellis/faasd`

cmd/install.go

@@ -6,6 +6,7 @@ import (
 	"path"
 
 	systemd "github.com/alexellis/faasd/pkg/systemd"
+	"github.com/pkg/errors"
 
 	"github.com/spf13/cobra"
 )
@@ -18,6 +19,10 @@ var installCmd = &cobra.Command{
 
 func runInstall(_ *cobra.Command, _ []string) error {
 
+	if basicAuthErr := makeBasicAuthFiles(); basicAuthErr != nil {
+		return errors.Wrap(basicAuthErr, "cannot create basic-auth-* files")
+	}
+
 	err := binExists("/usr/local/bin/", "faas-containerd")
 	if err != nil {
 		return err

cmd/root.go

@@ -3,19 +3,10 @@ package cmd
 import (
 	"fmt"
 
-	"github.com/alexellis/faasd/pkg"
 	"github.com/morikuni/aec"
 	"github.com/spf13/cobra"
 )
 
-var (
-	// Version as per git repo
-	Version string
-
-	// GitCommit as per git repo
-	GitCommit string
-)
-
 // WelcomeMessage to introduce ofc-bootstrap
 const WelcomeMessage = "Welcome to faasd"
 
@@ -25,39 +16,14 @@ func init() {
 	rootCommand.AddCommand(installCmd)
 }
 
-var rootCommand = &cobra.Command{
-	Use:   "faasd",
-	Short: "Start faasd",
-	Long: `
-faasd - serverless without Kubernetes
-`,
-	RunE:         runRootCommand,
-	SilenceUsage: true,
-}
-
-var versionCmd = &cobra.Command{
-	Use:   "version",
-	Short: "Display version information.",
-	Run:   parseBaseCommand,
-}
-
-func getVersion() string {
-	if len(Version) != 0 {
-		return Version
-	}
-	return "dev"
-}
-
-func parseBaseCommand(_ *cobra.Command, _ []string) {
-	printLogo()
-
-	fmt.Printf(
-		`faasd
-Commit: %s
-Version: %s
-`, pkg.GitCommit, pkg.GetVersion())
-}
+var (
+	// GitCommit Git Commit SHA
+	GitCommit string
+	// Version version of the CLI
+	Version string
+)
 
+// Execute faasd
 func Execute(version, gitCommit string) error {
 
 	// Get Version and GitCommit values from main.go.
@@ -70,6 +36,16 @@ func Execute(version, gitCommit string) error {
 	return nil
 }
 
+var rootCommand = &cobra.Command{
+	Use:   "faasd",
+	Short: "Start faasd",
+	Long: `
+faasd - serverless without Kubernetes
+`,
+	RunE:         runRootCommand,
+	SilenceUsage: true,
+}
+
 func runRootCommand(cmd *cobra.Command, args []string) error {
 
 	printLogo()
@@ -78,7 +54,39 @@ func runRootCommand(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
+var versionCmd = &cobra.Command{
+	Use:   "version",
+	Short: "Display version information.",
+	Run:   parseBaseCommand,
+}
+
+func parseBaseCommand(_ *cobra.Command, _ []string) {
+	printLogo()
+
+	fmt.Printf(
+		`faasd
+Commit: %s
+Version: %s
+`, GitCommit, GetVersion())
+}
+
 func printLogo() {
-	logoText := aec.WhiteF.Apply(pkg.Logo)
+	logoText := aec.WhiteF.Apply(Logo)
 	fmt.Println(logoText)
 }
+
+// GetVersion get latest version
+func GetVersion() string {
+	if len(Version) == 0 {
+		return "dev"
+	}
+	return Version
+}
+
+// Logo for version and root command
+const Logo = `  __                     _ 
+ / _| __ _  __ _ ___  __| |
+| |_ / _` + "`" + ` |/ _` + "`" + ` / __|/ _` + "`" + ` |
+|  _| (_| | (_| \__ \ (_| |
+|_|  \__,_|\__,_|___/\__,_|
+`

cmd/up.go

@@ -2,16 +2,21 @@ package cmd
 
 import (
 	"fmt"
+	"io/ioutil"
 	"log"
 	"os"
 	"os/signal"
 	"path"
+	"strings"
 	"sync"
 	"syscall"
 	"time"
 
+	"github.com/pkg/errors"
+
 	"github.com/alexellis/faasd/pkg"
 	"github.com/alexellis/k3sup/pkg/env"
+	"github.com/sethvargo/go-password/password"
 	"github.com/spf13/cobra"
 )
 
@@ -21,6 +26,8 @@ var upCmd = &cobra.Command{
 	RunE:  runUp,
 }
 
+const secretMountDir = "/run/secrets"
+
 func runUp(_ *cobra.Command, _ []string) error {
 
 	clientArch, clientOS := env.GetClientArch()
@@ -42,6 +49,10 @@ func runUp(_ *cobra.Command, _ []string) error {
 		clientSuffix = "-arm64"
 	}
 
+	if basicAuthErr := makeBasicAuthFiles(); basicAuthErr != nil {
+		return errors.Wrap(basicAuthErr, "cannot create basic-auth-* files")
+	}
+
 	services := makeServiceDefinitions(clientSuffix)
 
 	start := time.Now()
@@ -65,6 +76,8 @@ func runUp(_ *cobra.Command, _ []string) error {
 	log.Printf("Supervisor init done in: %s\n", time.Since(start).String())
 
 	shutdownTimeout := time.Second * 1
+	timeout := time.Second * 60
+	proxyDoneCh := make(chan bool)
 
 	wg := sync.WaitGroup{}
 	wg.Add(1)
@@ -80,19 +93,107 @@ func runUp(_ *cobra.Command, _ []string) error {
 		if err != nil {
 			fmt.Println(err)
 		}
+
+		// Close proxy
+		proxyDoneCh <- true
 		time.AfterFunc(shutdownTimeout, func() {
 			wg.Done()
 		})
 	}()
 
+	gatewayURLChan := make(chan string, 1)
+	proxyPort := 8080
+	proxy := pkg.NewProxy(proxyPort, timeout)
+	go proxy.Start(gatewayURLChan, proxyDoneCh)
+
+	go func() {
+		wd, _ := os.Getwd()
+
+		time.Sleep(3 * time.Second)
+
+		fileData, fileErr := ioutil.ReadFile(path.Join(wd, "hosts"))
+		if fileErr != nil {
+			log.Println(fileErr)
+			return
+		}
+		host := ""
+		lines := strings.Split(string(fileData), "\n")
+		for _, line := range lines {
+			if strings.Index(line, "gateway") > -1 {
+				host = line[:strings.Index(line, "\t")]
+			}
+		}
+		log.Printf("[up] Sending %s to proxy\n", host)
+		gatewayURLChan <- host + ":8080"
+		close(gatewayURLChan)
+	}()
+
 	wg.Wait()
 	return nil
 }
 
+func makeBasicAuthFiles() error {
+	wd, _ := os.Getwd()
+	pwdFile := wd + "/basic-auth-password"
+	authPassword, err := password.Generate(63, 10, 0, false, true)
+
+	if err != nil {
+		return err
+	}
+
+	err = makeFile(pwdFile, authPassword)
+	if err != nil {
+		return err
+	}
+
+	userFile := wd + "/basic-auth-user"
+	err = makeFile(userFile, "admin")
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func makeFile(filePath, fileContents string) error {
+	_, err := os.Stat(filePath)
+	if err == nil {
+		log.Printf("File exists: %q\n", filePath)
+		return nil
+	} else if os.IsNotExist(err) {
+		log.Printf("Writing to: %q\n", filePath)
+		return ioutil.WriteFile(filePath, []byte(fileContents), 0644)
+	} else {
+		return err
+	}
+}
+
 func makeServiceDefinitions(archSuffix string) []pkg.Service {
 	wd, _ := os.Getwd()
 
 	return []pkg.Service{
+		pkg.Service{
+			Name:  "basic-auth-plugin",
+			Image: "docker.io/openfaas/basic-auth-plugin:0.18.10" + archSuffix,
+			Env: []string{
+				"port=8080",
+				"secret_mount_path=" + secretMountDir,
+				"user_filename=basic-auth-user",
+				"pass_filename=basic-auth-password",
+			},
+			Mounts: []pkg.Mount{
+				pkg.Mount{
+					Src:  path.Join(wd, "basic-auth-password"),
+					Dest: path.Join(secretMountDir, "basic-auth-password"),
+				},
+				pkg.Mount{
+					Src:  path.Join(wd, "basic-auth-user"),
+					Dest: path.Join(secretMountDir, "basic-auth-user"),
+				},
+			},
+			Caps: []string{"CAP_NET_RAW"},
+			Args: nil,
+		},
 		pkg.Service{
 			Name:  "nats",
 			Env:   []string{""},
@@ -115,7 +216,7 @@ func makeServiceDefinitions(archSuffix string) []pkg.Service {
 		pkg.Service{
 			Name: "gateway",
 			Env: []string{
-				"basic_auth=false",
+				"basic_auth=true",
 				"functions_provider_url=http://faas-containerd:8081/",
 				"direct_functions=false",
 				"read_timeout=60s",
@@ -123,10 +224,22 @@ func makeServiceDefinitions(archSuffix string) []pkg.Service {
 				"upstream_timeout=65s",
 				"faas_nats_address=nats",
 				"faas_nats_port=4222",
+				"auth_proxy_url=http://basic-auth-plugin:8080/validate",
+				"auth_proxy_pass_body=false",
+				"secret_mount_path=" + secretMountDir,
 			},
-			Image:  "docker.io/openfaas/gateway:0.18.8" + archSuffix,
-			Mounts: []pkg.Mount{},
-			Caps:   []string{"CAP_NET_RAW"},
+			Image: "docker.io/openfaas/gateway:0.18.8" + archSuffix,
+			Mounts: []pkg.Mount{
+				pkg.Mount{
+					Src:  path.Join(wd, "basic-auth-password"),
+					Dest: path.Join(secretMountDir, "basic-auth-password"),
+				},
+				pkg.Mount{
+					Src:  path.Join(wd, "basic-auth-user"),
+					Dest: path.Join(secretMountDir, "basic-auth-user"),
+				},
+			},
+			Caps: []string{"CAP_NET_RAW"},
 		},
 		pkg.Service{
 			Name: "queue-worker",
@@ -138,10 +251,21 @@ func makeServiceDefinitions(archSuffix string) []pkg.Service {
 				"ack_wait=5m5s",
 				"max_inflight=1",
 				"write_debug=false",
+				"basic_auth=true",
+				"secret_mount_path=" + secretMountDir,
 			},
-			Image:  "docker.io/openfaas/queue-worker:0.9.0",
-			Mounts: []pkg.Mount{},
-			Caps:   []string{"CAP_NET_RAW"},
+			Image: "docker.io/openfaas/queue-worker:0.9.0",
+			Mounts: []pkg.Mount{
+				pkg.Mount{
+					Src:  path.Join(wd, "basic-auth-password"),
+					Dest: path.Join(secretMountDir, "basic-auth-password"),
+				},
+				pkg.Mount{
+					Src:  path.Join(wd, "basic-auth-user"),
+					Dest: path.Join(secretMountDir, "basic-auth-user"),
+				},
+			},
+			Caps: []string{"CAP_NET_RAW"},
 		},
 	}
 }

hack/build-containerd-armhf.sh

@@ -1,11 +1,12 @@
 #!/bin/bash
 
+export ARCH="armv6l"
 echo "Downloading Go"
 
-curl -SLsf https://dl.google.com/go/go1.12.14.linux-armv6l.tar.gz > go.tgz
+curl -SLsf https://dl.google.com/go/go1.12.14.linux-$ARCH.tar.gz --output /tmp/go.tgz
 sudo rm -rf /usr/local/go/
 sudo mkdir -p /usr/local/go/
-sudo tar -xvf go.tgz -C /usr/local/go/ --strip-components=1
+sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
 
 export GOPATH=$HOME/go/
 export PATH=$PATH:/usr/local/go/bin/

hack/build-containerd.sh

@@ -1,11 +1,12 @@
 #!/bin/bash
 
+export ARCH="amd64"
 echo "Downloading Go"
 
-curl -SLsf https://dl.google.com/go/go1.12.14.linux-amd64.tar.gz > go.tgz
+curl -SLsf https://dl.google.com/go/go1.12.14.linux-$ARCH.tar.gz --output /tmp/go.tgz
 sudo rm -rf /usr/local/go/
 sudo mkdir -p /usr/local/go/
-sudo tar -xvf go.tgz -C /usr/local/go/ --strip-components=1
+sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
 
 export GOPATH=$HOME/go/
 export PATH=$PATH:/usr/local/go/bin/

main.go

@@ -4,13 +4,19 @@ import (
 	"os"
 
 	"github.com/alexellis/faasd/cmd"
-	"github.com/alexellis/faasd/pkg"
+)
+
+// These values will be injected into these variables at the build time.
+var (
+	// GitCommit Git Commit SHA
+	GitCommit string
+	// Version version of the CLI
+	Version string
 )
 
 func main() {
-	if err := cmd.Execute(pkg.Version, pkg.GitCommit); err != nil {
+	if err := cmd.Execute(Version, GitCommit); err != nil {
 		os.Exit(1)
 	}
 	return
-
 }

pkg/proxy.go

@@ -0,0 +1,122 @@
+package pkg
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"net/http"
+
+	"time"
+)
+
+func NewProxy(port int, timeout time.Duration) *Proxy {
+
+	return &Proxy{
+		Port:    port,
+		Timeout: timeout,
+	}
+}
+
+type Proxy struct {
+	Timeout time.Duration
+	Port    int
+}
+
+func (p *Proxy) Start(gatewayChan chan string, done chan bool) error {
+	tcp := p.Port
+
+	http.DefaultClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+		return http.ErrUseLastResponse
+	}
+	ps := proxyState{
+		Host: "",
+	}
+
+	ps.Host = <-gatewayChan
+
+	log.Printf("Starting faasd proxy on %d\n", tcp)
+
+	fmt.Printf("Gateway: %s\n", ps.Host)
+
+	s := &http.Server{
+		Addr:           fmt.Sprintf(":%d", tcp),
+		ReadTimeout:    p.Timeout,
+		WriteTimeout:   p.Timeout,
+		MaxHeaderBytes: 1 << 20, // Max header of 1MB
+		Handler:        http.HandlerFunc(makeProxy(&ps)),
+	}
+
+	go func() {
+		log.Printf("[proxy] Begin listen on %d\n", p.Port)
+		if err := s.ListenAndServe(); err != http.ErrServerClosed {
+			log.Printf("Error ListenAndServe: %v", err)
+		}
+	}()
+
+	log.Println("[proxy] Wait for done")
+	<-done
+	log.Println("[proxy] Done received")
+	if err := s.Shutdown(context.Background()); err != nil {
+		log.Printf("[proxy] Error in Shutdown: %v", err)
+	}
+
+	return nil
+}
+
+// copyHeaders clones the header values from the source into the destination.
+func copyHeaders(destination http.Header, source *http.Header) {
+	for k, v := range *source {
+		vClone := make([]string, len(v))
+		copy(vClone, v)
+		destination[k] = vClone
+	}
+}
+
+type proxyState struct {
+	Host string
+}
+
+func makeProxy(ps *proxyState) func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		query := ""
+		if len(r.URL.RawQuery) > 0 {
+			query = "?" + r.URL.RawQuery
+		}
+
+		upstream := fmt.Sprintf("http://%s%s%s", ps.Host, r.URL.Path, query)
+		fmt.Printf("[faasd] proxy: %s\n", upstream)
+
+		if r.Body != nil {
+			defer r.Body.Close()
+		}
+
+		wrapper := ioutil.NopCloser(r.Body)
+		upReq, upErr := http.NewRequest(r.Method, upstream, wrapper)
+
+		copyHeaders(upReq.Header, &r.Header)
+
+		if upErr != nil {
+			log.Println(upErr)
+
+			http.Error(w, upErr.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		upRes, upResErr := http.DefaultClient.Do(upReq)
+
+		if upResErr != nil {
+			log.Println(upResErr)
+
+			http.Error(w, upResErr.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		copyHeaders(w.Header(), &upRes.Header)
+
+		w.WriteHeader(upRes.StatusCode)
+		io.Copy(w, upRes.Body)
+	}
+}

pkg/proxy_test.go

@@ -0,0 +1,73 @@
+package pkg
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"sync"
+	"testing"
+	"time"
+)
+
+func Test_Proxy_ToPrivateServer(t *testing.T) {
+
+	wantBodyText := "OK"
+	wantBody := []byte(wantBodyText)
+	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+		if r.Body != nil {
+			defer r.Body.Close()
+		}
+
+		w.WriteHeader(http.StatusOK)
+		w.Write(wantBody)
+
+	}))
+
+	defer upstream.Close()
+	port := 8080
+	proxy := NewProxy(port, time.Second*1)
+
+	gwChan := make(chan string, 1)
+	doneCh := make(chan bool)
+
+	go proxy.Start(gwChan, doneCh)
+
+	u, _ := url.Parse(upstream.URL)
+	log.Println("Host", u.Host)
+	wg := sync.WaitGroup{}
+	wg.Add(1)
+	go func() {
+		gwChan <- u.Host
+		wg.Done()
+	}()
+	wg.Wait()
+
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("http://127.0.0.1:%d", port), nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for i := 1; i < 11; i++ {
+		res, err := http.DefaultClient.Do(req)
+		if err != nil {
+			t.Logf("Try %d, gave error: %s", i, err)
+
+			time.Sleep(time.Millisecond * 100)
+		} else {
+
+			resBody, _ := ioutil.ReadAll(res.Body)
+			if string(resBody) != string(wantBody) {
+				t.Errorf("want %s, but got %s in body", string(wantBody), string(resBody))
+			}
+			break
+		}
+	}
+
+	go func() {
+		doneCh <- true
+	}()
+}

pkg/service/service.go

@@ -43,6 +43,12 @@ func Remove(ctx context.Context, client *containerd.Client, name string) error {
 		if err != nil {
 			return fmt.Errorf("error deleting container %s, %s, %s", container.ID(), name, err)
 		}
+	} else {
+		service := client.SnapshotService("")
+		key := name + "snapshot"
+		if _, err := client.SnapshotService("").Stat(ctx, key); err == nil {
+			service.Remove(ctx, key)
+		}
 	}
 	return nil
 }

pkg/supervisor.go

@@ -153,7 +153,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 		)
 
 		if containerCreateErr != nil {
-			log.Println(containerCreateErr)
+			log.Printf("Error creating container %s\n", containerCreateErr)
 			return containerCreateErr
 		}
 
@@ -161,7 +161,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 
 		task, err := newContainer.NewTask(ctx, cio.NewCreator(cio.WithStdio))
 		if err != nil {
-			log.Println(err)
+			log.Printf("Error creating task: %s\n", err)
 			return err
 		}
 
@@ -175,20 +175,21 @@ func (s *Supervisor) Start(svcs []Service) error {
 		writeErr := ioutil.WriteFile("hosts", hosts, 0644)
 
 		if writeErr != nil {
-			log.Println("Error writing hosts file")
+			log.Printf("Error writing file %s %s\n", "hosts", writeErr)
 		}
 		// os.Chown("hosts", 101, 101)
 
-		exitStatusC, err := task.Wait(ctx)
+		_, err = task.Wait(ctx)
 		if err != nil {
-			log.Println(err)
+			log.Printf("Wait err: %s\n", err)
 			return err
 		}
-		log.Println("Exited: ", exitStatusC)
 
-		// call start on the task to execute the redis server
-		if err := task.Start(ctx); err != nil {
-			log.Println("Task err: ", err)
+		log.Printf("Task: %s\tContainer: %s\n", task.ID(), newContainer.ID())
+		// log.Println("Exited: ", exitStatusC)
+
+		if err = task.Start(ctx); err != nil {
+			log.Printf("Task err: %s\n", err)
 			return err
 		}
 	}

pkg/systemd/systemd.go

@@ -66,7 +66,7 @@ func DaemonReload() error {
 
 func InstallUnit(name string) error {
 	tmplName := "./hack/" + name + ".service"
-	tmpl, err := template.ParseFiles()
+	tmpl, err := template.ParseFiles(tmplName)
 
 	if err != nil {
 		return fmt.Errorf("error loading template %s, error %s", tmplName, err)

pkg/version.go

@@ -1,23 +1 @@
 package pkg
-
-var (
-	//GitCommit Git Commit SHA
-	GitCommit string
-	//Version version of the CLI
-	Version string
-)
-
-//GetVersion get latest version
-func GetVersion() string {
-	if len(Version) == 0 {
-		return "dev"
-	}
-	return Version
-}
-
-const Logo = `  __                     _ 
- / _| __ _  __ _ ___  __| |
-| |_ / _` + "`" + ` |/ _` + "`" + ` / __|/ _` + "`" + ` |
-|  _| (_| | (_| \__ \ (_| |
-|_|  \__,_|\__,_|___/\__,_|
-`

vendor/github.com/sethvargo/go-password/LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 Seth Vargo <seth@sethvargo.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

vendor/github.com/sethvargo/go-password/password/generate.go

@@ -0,0 +1,253 @@
+// Package password provides a library for generating high-entropy random
+// password strings via the crypto/rand package.
+//
+//    res, err := Generate(64, 10, 10, false, false)
+//    if err != nil  {
+//      log.Fatal(err)
+//    }
+//    log.Printf(res)
+//
+// Most functions are safe for concurrent use.
+package password
+
+import (
+	"crypto/rand"
+	"errors"
+	"math/big"
+	"strings"
+)
+
+// Built-time checks that the generators implement the interface.
+var _ PasswordGenerator = (*Generator)(nil)
+
+// PasswordGenerator is an interface that implements the Generate function. This
+// is useful for testing where you can pass this interface instead of a real
+// password generator to mock responses for predicability.
+type PasswordGenerator interface {
+	Generate(int, int, int, bool, bool) (string, error)
+	MustGenerate(int, int, int, bool, bool) string
+}
+
+const (
+	// LowerLetters is the list of lowercase letters.
+	LowerLetters = "abcdefghijklmnopqrstuvwxyz"
+
+	// UpperLetters is the list of uppercase letters.
+	UpperLetters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+	// Digits is the list of permitted digits.
+	Digits = "0123456789"
+
+	// Symbols is the list of symbols.
+	Symbols = "~!@#$%^&*()_+`-={}|[]\\:\"<>?,./"
+)
+
+var (
+	// ErrExceedsTotalLength is the error returned with the number of digits and
+	// symbols is greater than the total length.
+	ErrExceedsTotalLength = errors.New("number of digits and symbols must be less than total length")
+
+	// ErrLettersExceedsAvailable is the error returned with the number of letters
+	// exceeds the number of available letters and repeats are not allowed.
+	ErrLettersExceedsAvailable = errors.New("number of letters exceeds available letters and repeats are not allowed")
+
+	// ErrDigitsExceedsAvailable is the error returned with the number of digits
+	// exceeds the number of available digits and repeats are not allowed.
+	ErrDigitsExceedsAvailable = errors.New("number of digits exceeds available digits and repeats are not allowed")
+
+	// ErrSymbolsExceedsAvailable is the error returned with the number of symbols
+	// exceeds the number of available symbols and repeats are not allowed.
+	ErrSymbolsExceedsAvailable = errors.New("number of symbols exceeds available symbols and repeats are not allowed")
+)
+
+// Generator is the stateful generator which can be used to customize the list
+// of letters, digits, and/or symbols.
+type Generator struct {
+	lowerLetters string
+	upperLetters string
+	digits       string
+	symbols      string
+}
+
+// GeneratorInput is used as input to the NewGenerator function.
+type GeneratorInput struct {
+	LowerLetters string
+	UpperLetters string
+	Digits       string
+	Symbols      string
+}
+
+// NewGenerator creates a new Generator from the specified configuration. If no
+// input is given, all the default values are used. This function is safe for
+// concurrent use.
+func NewGenerator(i *GeneratorInput) (*Generator, error) {
+	if i == nil {
+		i = new(GeneratorInput)
+	}
+
+	g := &Generator{
+		lowerLetters: i.LowerLetters,
+		upperLetters: i.UpperLetters,
+		digits:       i.Digits,
+		symbols:      i.Symbols,
+	}
+
+	if g.lowerLetters == "" {
+		g.lowerLetters = LowerLetters
+	}
+
+	if g.upperLetters == "" {
+		g.upperLetters = UpperLetters
+	}
+
+	if g.digits == "" {
+		g.digits = Digits
+	}
+
+	if g.symbols == "" {
+		g.symbols = Symbols
+	}
+
+	return g, nil
+}
+
+// Generate generates a password with the given requirements. length is the
+// total number of characters in the password. numDigits is the number of digits
+// to include in the result. numSymbols is the number of symbols to include in
+// the result. noUpper excludes uppercase letters from the results. allowRepeat
+// allows characters to repeat.
+//
+// The algorithm is fast, but it's not designed to be performant; it favors
+// entropy over speed. This function is safe for concurrent use.
+func (g *Generator) Generate(length, numDigits, numSymbols int, noUpper, allowRepeat bool) (string, error) {
+	letters := g.lowerLetters
+	if !noUpper {
+		letters += g.upperLetters
+	}
+
+	chars := length - numDigits - numSymbols
+	if chars < 0 {
+		return "", ErrExceedsTotalLength
+	}
+
+	if !allowRepeat && chars > len(letters) {
+		return "", ErrLettersExceedsAvailable
+	}
+
+	if !allowRepeat && numDigits > len(g.digits) {
+		return "", ErrDigitsExceedsAvailable
+	}
+
+	if !allowRepeat && numSymbols > len(g.symbols) {
+		return "", ErrSymbolsExceedsAvailable
+	}
+
+	var result string
+
+	// Characters
+	for i := 0; i < chars; i++ {
+		ch, err := randomElement(letters)
+		if err != nil {
+			return "", err
+		}
+
+		if !allowRepeat && strings.Contains(result, ch) {
+			i--
+			continue
+		}
+
+		result, err = randomInsert(result, ch)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	// Digits
+	for i := 0; i < numDigits; i++ {
+		d, err := randomElement(g.digits)
+		if err != nil {
+			return "", err
+		}
+
+		if !allowRepeat && strings.Contains(result, d) {
+			i--
+			continue
+		}
+
+		result, err = randomInsert(result, d)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	// Symbols
+	for i := 0; i < numSymbols; i++ {
+		sym, err := randomElement(g.symbols)
+		if err != nil {
+			return "", err
+		}
+
+		if !allowRepeat && strings.Contains(result, sym) {
+			i--
+			continue
+		}
+
+		result, err = randomInsert(result, sym)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	return result, nil
+}
+
+// MustGenerate is the same as Generate, but panics on error.
+func (g *Generator) MustGenerate(length, numDigits, numSymbols int, noUpper, allowRepeat bool) string {
+	res, err := g.Generate(length, numDigits, numSymbols, noUpper, allowRepeat)
+	if err != nil {
+		panic(err)
+	}
+	return res
+}
+
+// Generate is the package shortcut for Generator.Generate.
+func Generate(length, numDigits, numSymbols int, noUpper, allowRepeat bool) (string, error) {
+	gen, err := NewGenerator(nil)
+	if err != nil {
+		return "", err
+	}
+
+	return gen.Generate(length, numDigits, numSymbols, noUpper, allowRepeat)
+}
+
+// MustGenerate is the package shortcut for Generator.MustGenerate.
+func MustGenerate(length, numDigits, numSymbols int, noUpper, allowRepeat bool) string {
+	res, err := Generate(length, numDigits, numSymbols, noUpper, allowRepeat)
+	if err != nil {
+		panic(err)
+	}
+	return res
+}
+
+// randomInsert randomly inserts the given value into the given string.
+func randomInsert(s, val string) (string, error) {
+	if s == "" {
+		return val, nil
+	}
+
+	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(s)+1)))
+	if err != nil {
+		return "", err
+	}
+	i := n.Int64()
+	return s[0:i] + val + s[i:], nil
+}
+
+// randomElement extracts a random element from the given string.
+func randomElement(s string) (string, error) {
+	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(s))))
+	if err != nil {
+		return "", err
+	}
+	return string(s[n.Int64()]), nil
+}

vendor/github.com/sethvargo/go-password/password/mock.go

@@ -0,0 +1,39 @@
+package password
+
+// Built-time checks that the generators implement the interface.
+var _ PasswordGenerator = (*mockGenerator)(nil)
+
+type mockGenerator struct {
+	result string
+	err    error
+}
+
+// NewMockGenerator creates a new generator that satisfies the PasswordGenerator
+// interface. If an error is provided, the error is returned. If a result if
+// provided, the result is always returned, regardless of what parameters are
+// passed into the Generate or MustGenerate methods.
+//
+// This function is most useful for tests where you want to have predicable
+// results for a transitive resource that depends on go-password.
+func NewMockGenerator(result string, err error) *mockGenerator {
+	return &mockGenerator{
+		result: result,
+		err:    err,
+	}
+}
+
+// Generate returns the mocked result or error.
+func (g *mockGenerator) Generate(int, int, int, bool, bool) (string, error) {
+	if g.err != nil {
+		return "", g.err
+	}
+	return g.result, nil
+}
+
+// MustGenerate returns the mocked result or panics if an error was given.
+func (g *mockGenerator) MustGenerate(int, int, int, bool, bool) string {
+	if g.err != nil {
+		panic(g.err)
+	}
+	return g.result
+}