Changes for the management console
stuartwdouglas committed Jan 22, 2024
1 parent b068d47 commit eba923a
Showing 4 changed files with 103 additions and 23 deletions.
1 change: 1 addition & 0 deletions deploy/overlays/dev-template/kustomization.yaml
@@ -8,6 +8,7 @@ resources:
- ../../operator/overlays/dev-template
# - ../../console/overlays/dev-template
- quota.yaml
- rbac.yaml

patches:
- path: config.yaml
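--- a/deploy/overlays/dev-template/rbac.yaml
+++ b/deploy/overlays/dev-template/rbac.yaml
@@ -0,0 +1,65 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: jbs-management
+labels:
+rbac.authorization.k8s.io/aggregate-to-edit: "true"
+rules:
+- apiGroups:
+- jvmbuildservice.io
+resources:
+- artifactbuilds
+verbs:
+- get
+- list
+- watch
+- create
+- patch
+- update
+- delete
+- apiGroups:
+- jvmbuildservice.io
+resources:
+- jbsconfigs
+verbs:
+- get
+- list
+- watch
+- patch
+- update
+- apiGroups:
+- tekton.dev
+resources:
+- taskruns/status
+- pipelineruns/status
+- taskruns/status
+- pipelineruns/status
+verbs:
+- get
+- list
+- watch
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: jbs-management
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: jbs-management
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: jbs-management
+subjects:
+- kind: ServiceAccount
+name: jbs-management
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: jbs-management-secret
+annotations:
+kubernetes.io/service-account.name: jbs-management
+type: kubernetes.io/service-account-token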
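Review bot: The `jbs-management-secret` Secret of type `kubernetes.io/service-account-token` at the end of this file gives the `jbs-management` ServiceAccount a token with no expiry, and that token carries `delete` on `artifactbuilds` and `patch`/`update` on `jbsconfigs`, so anyone who can read Secrets in the namespace can act with those rights. If the console runs in-cluster, a projected, time-bound token would avoid the static credential; if a static token is really needed, a comment such as `# long-lived token for the management console, delete this Secret to revoke it` would record the intent. In the `tekton.dev` rule, `taskruns/status` and `pipelineruns/status` are each listed twice, which suggests one pair was meant to be `taskruns` and `pipelineruns`. The `rbac.authorization.k8s.io/aggregate-to-edit` label is presumably inert on this object, since aggregation selects ClusterRoles rather than a namespaced Role.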
4 changes: 4 additions & 0 deletions java-components/management-console/pom.xml
@@ -9,6 +9,10 @@
<version>999-SNAPSHOT</version>
</parent>
<artifactId>management-console</artifactId>
<properties>
<maven.build.timestamp.format>yyyyMMddHHmmss</maven.build.timestamp.format>
<quarkus.container-image.additional-tags>${maven.build.timestamp}</quarkus.container-image.additional-tags>
</properties>
<dependencies>
<dependency>
<groupId>io.github.redhat-appstudio.jvmbuild</groupId>
@@ -7,6 +7,7 @@
import java.util.Objects;

import jakarta.annotation.PostConstruct;
import jakarta.enterprise.inject.Instance;
import jakarta.inject.Inject;

import org.eclipse.microprofile.config.inject.ConfigProperty;
@@ -32,43 +33,52 @@ public class InitialUserSetup {

public static final String JBS_USER_SECRET = "jbs-user-secret";
@Inject
KubernetesClient kubernetesClient;
Instance<KubernetesClient> kubernetesClient;

@ConfigProperty(name = "kube.disabled", defaultValue = "false")
boolean disabled;

@PostConstruct
public void setup() {
if ((LaunchMode.current() == LaunchMode.TEST
&& !Objects.equals(System.getProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY), "test")) || disabled) {
//don't start in tests, as kube might not be present
Log.warnf("Kubernetes client disabled so unable to initiate admin user setup");
return;
String userName = "admin";
String password = System.getenv("JBS_ADMIN_PASSWORD");
if (password == null) {
if ((LaunchMode.current() == LaunchMode.TEST
&& !Objects.equals(System.getProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY), "test")) || disabled) {
//don't start in tests, as kube might not be present
Log.warnf("Kubernetes client disabled so unable to initiate admin user setup");
return;
}
Secret secret = kubernetesClient.get().resources(Secret.class).withName(JBS_USER_SECRET).get();
if (secret == null) {
var sr = new SecureRandom();
byte[] data = new byte[21];
sr.nextBytes(data);
var pw = Base64.getEncoder().encodeToString(data);
secret = new Secret();
secret.setMetadata(new ObjectMeta());
secret.getMetadata().setName(JBS_USER_SECRET);
secret.setData(Map.of("username", Base64.getEncoder().encodeToString("admin".getBytes(StandardCharsets.UTF_8)),
"password", Base64.getEncoder().encodeToString(pw.getBytes(StandardCharsets.UTF_8))));
kubernetesClient.get().resource(secret).create();
}
userName = new String(Base64.getDecoder().decode(secret.getData().get("username")), StandardCharsets.UTF_8);
password = new String(Base64.getDecoder().decode(secret.getData().get("password")), StandardCharsets.UTF_8);
} else {
Log.infof("Initial user set in JBS_ADMIN_PASSWORD");
}

Secret secret = kubernetesClient.resources(Secret.class).withName(JBS_USER_SECRET).get();
if (secret == null) {
var sr = new SecureRandom();
byte[] data = new byte[21];
sr.nextBytes(data);
var pw = Base64.getEncoder().encodeToString(data);
secret = new Secret();
secret.setMetadata(new ObjectMeta());
secret.getMetadata().setName(JBS_USER_SECRET);
secret.setData(Map.of("username", Base64.getEncoder().encodeToString("admin".getBytes(StandardCharsets.UTF_8)),
"password", Base64.getEncoder().encodeToString(pw.getBytes(StandardCharsets.UTF_8))));
kubernetesClient.resource(secret).create();
}
var userName = new String(Base64.getDecoder().decode(secret.getData().get("username")), StandardCharsets.UTF_8);
var password = new String(Base64.getDecoder().decode(secret.getData().get("password")), StandardCharsets.UTF_8);
var u = userName;
var p = password;
User user = User.find("username", userName).firstResult();
if (user == null) {
Log.infof("Creating initial user");
QuarkusTransaction.requiringNew().run(new Runnable() {
@Override
public void run() {
User user = new User();
user.username = userName;
user.pass = BcryptUtil.bcryptHash(password);
user.username = u;
user.pass = BcryptUtil.bcryptHash(p);
user.persistAndFlush();
}
});
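Review bot: A blank `JBS_ADMIN_PASSWORD` is accepted as the admin password, because the new branch in `setup()` tests only `password == null`; with the variable set to an empty string the Secret-backed random password is skipped and `BcryptUtil.bcryptHash(p)` hashes the empty value for the `admin` account. Treat blank as unset with `if (password == null || password.isBlank()) {`, or fail startup when the variable is present but blank. From the visible lines the user is created only when `User.find("username", userName)` returns null, so changing `JBS_ADMIN_PASSWORD` later presumably does not rotate an existing admin password; a comment such as `// JBS_ADMIN_PASSWORD is only applied when the admin user does not exist yet` would make that explicit. `setup()` continues past the end of this hunk, so an update path may exist outside the visible lines.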