Merge pull request weaveworks#3393 from ycao56/basic-auth

Add http Basic Auth

probe/appclient/probe_config.go

@@ -31,14 +31,19 @@ func init() {
 
 // ProbeConfig contains all the info needed for a probe to do HTTP requests
 type ProbeConfig struct {
+	BasicAuth    bool
 	Token        string
 	ProbeVersion string
 	ProbeID      string
 	Insecure     bool
 }
 
 func (pc ProbeConfig) authorizeHeaders(headers http.Header) {
-	headers.Set("Authorization", fmt.Sprintf("Scope-Probe token=%s", pc.Token))
+	if pc.BasicAuth {
+		headers.Set("Authorization", fmt.Sprintf("Basic %s", pc.Token))
+	} else {
+		headers.Set("Authorization", fmt.Sprintf("Scope-Probe token=%s", pc.Token))
+	}
 	headers.Set(xfer.ScopeProbeIDHeader, pc.ProbeID)
 	headers.Set(xfer.ScopeProbeVersionHeader, pc.ProbeVersion)
 }

prog/app.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/goji/httpauth"
 	"github.com/gorilla/mux"
 	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"
@@ -300,6 +301,13 @@ func appMain(flags appFlags) {
 		}.Wrap(handler)
 	}
 
+	if flags.basicAuth {
+		log.Infof("Basic authentication enabled")
+		handler = httpauth.SimpleBasicAuth(flags.username, flags.password)(handler)
+	} else {
+		log.Infof("Basic authentication disabled")
+	}
+
 	server := &graceful.Server{
 		// we want to manage the stop condition ourselves below
 		NoSignalHandling: true,

prog/main.go

@@ -94,6 +94,9 @@ type flags struct {
 
 type probeFlags struct {
 	printOnStdout          bool
+	basicAuth              bool
+	username               string
+	password               string
 	token                  string
 	httpListen             string
 	publishInterval        time.Duration
@@ -149,6 +152,10 @@ type appFlags struct {
 	logHTTP        bool
 	logHTTPHeaders bool
 
+	basicAuth bool
+	username  string
+	password  string
+
 	weaveEnabled   bool
 	weaveAddr      string
 	weaveHostname  string
@@ -282,6 +289,9 @@ func setupFlags(flags *flags) {
 
 	// Probe flags
 	flag.BoolVar(&flags.probe.printOnStdout, "probe.publish.stdout", false, "Print reports on stdout instead of sending to app, for debugging")
+	flag.BoolVar(&flags.probe.basicAuth, "probe.basicAuth", false, "Use basic authentication to authenticate with app")
+	flag.StringVar(&flags.probe.username, "probe.basicAuth.username", "admin", "Username for basic authentication")
+	flag.StringVar(&flags.probe.password, "probe.basicAuth.password", "admin", "Password for basic authentication")
 	flag.StringVar(&flags.probe.token, serviceTokenFlag, "", "Token to authenticate with cloud.weave.works")
 	flag.StringVar(&flags.probe.token, probeTokenFlag, "", "Token to authenticate with cloud.weave.works")
 	flag.StringVar(&flags.probe.httpListen, "probe.http.listen", "", "listen address for HTTP profiling and instrumentation server")
@@ -353,6 +363,10 @@ func setupFlags(flags *flags) {
 	flag.BoolVar(&flags.app.logHTTP, "app.log.http", false, "Log individual HTTP requests")
 	flag.BoolVar(&flags.app.logHTTPHeaders, "app.log.httpHeaders", false, "Log HTTP headers. Needs app.log.http to be enabled.")
 
+	flag.BoolVar(&flags.app.basicAuth, "app.basicAuth", false, "Enable basic authentication for app")
+	flag.StringVar(&flags.app.username, "app.basicAuth.username", "admin", "Username for basic authentication")
+	flag.StringVar(&flags.app.password, "app.basicAuth.password", "admin", "Password for basic authentication")
+
 	flag.StringVar(&flags.app.weaveAddr, "app.weave.addr", app.DefaultWeaveURL, "Address on which to contact WeaveDNS")
 	flag.StringVar(&flags.app.weaveHostname, "app.weave.hostname", "", "Hostname to advertise in WeaveDNS")
 	flag.StringVar(&flags.app.containerName, "app.container.name", app.DefaultContainerName, "Name of this container (to lookup container ID)")
@@ -449,6 +463,25 @@ func main() {
 		flags.probe.kubernetesNodeName = os.Getenv("KUBERNETES_NODENAME")
 	}
 
+	if strings.ToLower(os.Getenv("ENABLE_BASIC_AUTH")) == "true" {
+		flags.probe.basicAuth = true
+		flags.app.basicAuth = true
+	} else if strings.ToLower(os.Getenv("ENABLE_BASIC_AUTH")) == "false" {
+		flags.probe.basicAuth = false
+		flags.app.basicAuth = false
+	}
+
+	username := os.Getenv("BASIC_AUTH_USERNAME")
+	if username != "" {
+		flags.probe.username = username
+		flags.app.username = username
+	}
+	password := os.Getenv("BASIC_AUTH_PASSWORD")
+	if password != "" {
+		flags.probe.password = password
+		flags.app.password = password
+	}
+
 	if flags.dryRun {
 		return
 	}

prog/probe.go

@@ -1,6 +1,8 @@
 package main
 
 import (
+	"encoding/base64"
+	"fmt"
 	"math/rand"
 	"net"
 	"net/http"
@@ -97,6 +99,12 @@ func probeMain(flags probeFlags, targets []appclient.Target) {
 	setLogLevel(flags.logLevel)
 	setLogFormatter(flags.logPrefix)
 
+	if flags.basicAuth {
+		log.Infof("Basic authentication enabled")
+	} else {
+		log.Infof("Basic authentication disabled")
+	}
+
 	traceCloser := tracing.NewFromEnv("scope-probe")
 	defer traceCloser.Close()
 
@@ -143,7 +151,13 @@ func probeMain(flags probeFlags, targets []appclient.Target) {
 			token = url.User.Username()
 			url.User = nil // erase credentials, as we use a special header
 		}
+
+		if flags.basicAuth {
+			token = base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", flags.username, flags.password)))
+		}
+
 		probeConfig := appclient.ProbeConfig{
+			BasicAuth:    flags.basicAuth,
 			Token:        token,
 			ProbeVersion: version,
 			ProbeID:      probeID,

vendor/manifest

@@ -871,6 +871,14 @@
 			"path": "types",
 			"notests": true
 		},
+		{
+			"importpath": "github.com/goji/httpauth",
+			"repository": "https://github.com/goji/httpauth",
+			"vcs": "git",
+			"revision": "2da839ab0f4df05a6db5eb277995589dadbd4fb9",
+			"branch": "master",
+			"notests": true
+		},
 		{
 			"importpath": "github.com/golang/glog",
 			"repository": "https://github.com/golang/glog",