Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Have a --dev parameter able to configure gitea and argocd with default: username/password #441

Open
1 task done
cmoulliard opened this issue Nov 8, 2024 · 4 comments
Open
1 task done

[Feature] Have a --dev parameter able to configure gitea and argocd with default: username/password #441

cmoulliard opened this issue Nov 8, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@cmoulliard
Copy link
Contributor

Have you searched for this feature request?

  • I searched but did not find similar requests

Problem Statement

Suggestion

Have a --dev parameter that we could use when we create a new cluster and able to configure gitea and argocd with default: username/password

Why ? It is really a pain when we develop locally new packages and we recreate cluster several times to have to re-log manually using the UI of gitea/argocd instead of storing in the browser's password store the username/password used for dev purposes

Possible Solution

Change the existing code

Alternatives Considered

No response
@cmoulliard cmoulliard added the enhancement New feature or request label Nov 8, 2024
@cmoulliard
Copy link
Contributor Author

cmoulliard commented Nov 8, 2024
edited
Loading

Remark: As argocd generates itself the:

  • initial password => store it part of the secret: argocd-initial-admin-secret using key: password
  • hash it => hashed pwd is stored under secret: argocd-secret using key: admin.password

See code: https://github.com/argoproj/argo-cd/blob/eb10b70e8a2e24d08137143cf01a8d9c26783b12/util/settings/settings.go#L2160-L2189

then we cannot use our own password and a different strategy should be used in this case.

The strategy could be:

  • idpbuilder when --dev parameter waits till secret: argocd-secret is created end of the cluster created
  • We patch it using to use the developer password which has been hashed using bcrypt
  • We patch also the secret argocd-initial-admin-secret to base64 the password
// bash commands to be converted of course to go code !
argocd account bcrypt --password dev
# We got the hashed password !
kubectl -n argocd patch secret argocd-secret \
        -p '{"stringData": {
      "admin.password": "BCRYPT HASHED PASSWORD",
      "admin.passwordMtime": "'$(date +%FT%T%Z)'"
    }}'

@cmoulliard
Copy link
Contributor Author

cmoulliard commented Nov 8, 2024
edited
Loading

For gitea we could pass the developer password within the code of the gitea controller here:

idpbuilder/pkg/controllers/localbuild/gitea.go

Lines 94 to 105 in 2902af3

if err != nil {
if k8serrors.IsNotFound(err) {
giteaCreds, err := newGiteaAdminSecret()
if err != nil {
return ctrl.Result{}, fmt.Errorf("generating gitea admin secret: %w", err)
}
gitea.unmanagedResources = []client.Object{&giteaCreds}
sec = giteaCreds
} else {
return ctrl.Result{}, fmt.Errorf("getting gitea secret: %w", err)
}
}

cmoulliard added a commit to ch007m/fork-idpbuilder that referenced this issue Nov 8, 2024
@cmoulliard
WIP. Create default passwords when dev mode is set. cnoe-io#441
3a974cb 
Signed-off-by: cmoulliard <[email protected]>
@cmoulliard cmoulliard mentioned this issue Nov 8, 2024
Open
@nabuskey
Copy link
Contributor

nabuskey commented Nov 8, 2024

I think I'd rather name it more like kubectl. So something like --insecure-static-password or --insecure-password.

@cmoulliard
Copy link
Contributor Author

So something like --insecure-static-password or --insecure-password.

--insecure-static-password is too long
--insecure-password is too restrictive as --dev or --devMode could help to enable some addrtional features able to debug, etc

cmoulliard added a commit to ch007m/fork-idpbuilder that referenced this issue Nov 8, 2024
@cmoulliard
Pass the proper object containing devMode to the function populating …
6d85851 
…a new password. cnoe-io#441

Signed-off-by: cmoulliard <[email protected]>
cmoulliard added a commit to ch007m/fork-idpbuilder that referenced this issue Nov 8, 2024
@cmoulliard
Adding the code to patch the argocd-secret to use the hashed password…
8dedc1e 
… - developer. Create a kubeClient part of the k8s util package. cnoe-io#441

Signed-off-by: cmoulliard <[email protected]>
cmoulliard added a commit to ch007m/fork-idpbuilder that referenced this issue Nov 8, 2024
@cmoulliard
Use cost 0 as argocd code cnoe-io#441
704bc78 
Signed-off-by: cmoulliard <[email protected]>
cmoulliard added a commit to ch007m/fork-idpbuilder that referenced this issue Nov 8, 2024
@cmoulliard
Re-creating too the inital admin secret for argocd. cnoe-io#441
ee9dc06 
Signed-off-by: cmoulliard <[email protected]>
cmoulliard added a commit to ch007m/fork-idpbuilder that referenced this issue Nov 8, 2024
@cmoulliard
Move the current time function. Generate the missing field. cnoe-io#441
d392287 
Signed-off-by: cmoulliard <[email protected]>
cmoulliard added a commit to ch007m/fork-idpbuilder that referenced this issue Nov 12, 2024
@cmoulliard
Include needed argocd k8s resources and change the code to set the de…
0c62564 
…veloper's password. cnoe-io#441

Signed-off-by: cmoulliard <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cmoulliard @nabuskey