Adds key creation for http signatures

Resolves issue openfaas#1103

Signed-off-by: Edward Wilde <[email protected]>

deploy_stack.sh

@@ -1,67 +1,129 @@
 #!/usr/bin/env bash
 set -e
 
-if ! [ -x "$(command -v docker)" ]; then
-  echo 'Unable to find docker command, please install Docker (https://www.docker.com/) and retry' >&2
-  exit 1
-fi
+CHECK_MARK="\033[0;32m\xE2\x9C\x94\033[0m"
+PARTY_POPPER="\xF0\x9F\x8E\x89"
+DEBUG_LOG=${DEBUG_LOG:=0}
+function debug() {
+    if [[ ${DEBUG_LOG} = "1" ]]; then
+        echo -e "$*";
+    fi
+}
 
-export BASIC_AUTH="true"
+check_required_software() {
+    echo -en " Required software check"
 
-sha_cmd="shasum -a 256"
-if ! command -v shasum >/dev/null; then
-  sha_cmd="sha256sum"
-fi
+    if ! [[ -x "$(command -v docker)" ]]; then
+        echo 'Unable to find docker command, please install Docker (https://www.docker.com/) and retry' >&2
+        exit 1
+    fi
 
-while [ ! $# -eq 0 ]
+    echo -e "\r${CHECK_MARK} Required software check"
+}
+
+setup_http_signature() {
+    echo -en " Http encryption settings"
+
+    rm signing.key > /dev/null 2>&1 || true && rm signing.key.pub > /dev/null 2>&1 || true
+    docker secret rm http-signing-private-key > /dev/null 2>&1 || true
+    docker secret rm http-signing-public-key > /dev/null 2>&1 || true
+
+    ssh-keygen -t rsa -b 2048 -N "" -m PEM -f signing.key > /dev/null 2>&1
+    openssl rsa -in ./signing.key -pubout -outform PEM -out signing.key.pub > /dev/null 2>&1
+    # openssl rsa -inform PEM -pubin -in ./signing.key.pub -text
+
+    cat signing.key | docker secret create http-signing-private-key - > /dev/null 2>&1 || true
+    cat signing.key.pub | docker secret create http-signing-public-key - > /dev/null 2>&1 || true
+
+    rm signing.key || true && rm signing.key.pub || true
+    echo -e "\r${CHECK_MARK} Http encryption settings"
+}
+
+setup_basic_auth() {
+    export BASIC_AUTH="true"
+    sha_cmd="shasum -a 256"
+    if ! command -v shasum >/dev/null; then
+      sha_cmd="sha256sum"
+    fi
+
+    # Secrets should be created even if basic-auth is disabled.
+    if (echo "admin" | docker secret create basic-auth-user - > /dev/null 2>&1)
+    then
+      debug "[Credentials]\n\tusername: admin created"
+    fi
+
+    secret=$(head -c 16 /dev/urandom| $sha_cmd | cut -d " " -f 1)
+    if (echo "$secret" | docker secret create basic-auth-password - > /dev/null 2>&1)
+    then
+      echo "[Credentials]\n\tusername: admin \n\tpassword: ${secret}\n\techo -n \"${secret}\" | faas-cli login --username=admin --password-stdin"
+    else
+      debug "[Credentials]\n\talready exist, not creating"
+    fi
+
+    if [[ ${BASIC_AUTH} = "true" ]];
+    then
+      debug "\tenabling basic authentication for gateway.."
+      debug ""
+    else
+      debug "\tdisabling basic authentication for gateway.."
+      debug ""
+    fi
+
+    echo -e "\r${CHECK_MARK} Basic authentication settings"
+}
+
+deploy_docker_stack() {
+    arch=$(uname -m)
+    case "$arch" in
+
+    "armv7l") echo -en " Deploying OpenFaaS core services for ARM"
+              composefile="docker-compose.armhf.yml"
+              ;;
+    "aarch64") echo -en " Deploying OpenFaaS core services for ARM64"
+              composefile="docker-compose.arm64.yml"
+              ;;
+    *) echo -en " Deploying OpenFaaS core services"
+       composefile="docker-compose.yml"
+       ;;
+    esac
+
+    docker stack deploy func --compose-file ${composefile} > /dev/null
+    echo -e "\r${CHECK_MARK} Deploying OpenFaaS core services"
+}
+
+main() {
+    check_required_software
+    setup_basic_auth
+    setup_http_signature
+    deploy_docker_stack
+    echo -e ${PARTY_POPPER} OpenFaaS docker swarm setup complete
+}
+
+POSITIONAL=()
+while [[ $# -gt 0 ]]
 do
-	case "$1" in
-		--no-auth | -n)
-			export BASIC_AUTH="false"
-			;;
-    --help | -h)
-			echo "Usage: \n [default]\tdeploy the OpenFaaS core services\n --no-auth [-n]\tdisable basic authentication.\n --help\tdisplays this screen"
-      exit
-			;;
-	esac
-	shift
-done
+key="$1"
 
-# Secrets should be created even if basic-auth is disabled.
-echo "Attempting to create credentials for gateway.."
-echo "admin" | docker secret create basic-auth-user -
-secret=$(head -c 16 /dev/urandom| $sha_cmd | cut -d " " -f 1)
-echo "$secret" | docker secret create basic-auth-password -
-if [ $? = 0 ];
-then
-  echo "[Credentials]\n username: admin \n password: $secret\n echo -n "$secret" | faas-cli login --username=admin --password-stdin"
-else
-  echo "[Credentials]\n already exist, not creating"
-fi
-
-if [ $BASIC_AUTH = "true" ];
-then
-  echo ""
-  echo "Enabling basic authentication for gateway.."
-  echo ""
-else
-  echo ""
-  echo "Disabling basic authentication for gateway.."
-  echo ""
-fi
-
-arch=$(uname -m)
-case "$arch" in
-
-"armv7l") echo "Deploying OpenFaaS core services for ARM"
-          composefile="docker-compose.armhf.yml"
-          ;;
-"aarch64") echo "Deploying OpenFaaS core services for ARM64"
-          composefile="docker-compose.arm64.yml"
-          ;;
-*) echo "Deploying OpenFaaS core services"
-   composefile="docker-compose.yml"
-   ;;
+case $key in
+    --no-auth | -n)
+        export BASIC_AUTH="false"
+        shift
+        ;;
+    --debug | -d)
+        echo hi
+        DEBUG_LOG="1"
+        shift
+        ;;
+    --help | -h)
+        echo -e "Usage:
+[default]      deploy the OpenFaaS core services
+--no-auth [-n] disable basic authentication.
+--help         displays this screen
+--debug [-d]   enable debug logging"
+        exit
+        ;;
 esac
+done
+set -- "${POSITIONAL[@]}" # restore positional parameters
 
-docker stack deploy func --compose-file $composefile
+main