diff --git a/deploy/overlays/dev-template/kustomization.yaml b/deploy/overlays/dev-template/kustomization.yaml
index 1d0e5f9c1..43dcc22a3 100644
--- a/deploy/overlays/dev-template/kustomization.yaml
+++ b/deploy/overlays/dev-template/kustomization.yaml
@@ -8,6 +8,7 @@ resources:
- ../../operator/overlays/dev-template
# - ../../console/overlays/dev-template
- quota.yaml
+- rbac.yaml
patches:
- path: config.yaml
diff --git a/deploy/overlays/dev-template/rbac.yaml b/deploy/overlays/dev-template/rbac.yaml
new file mode 100644
index 000000000..d78f0b9b0
--- /dev/null
+++ b/deploy/overlays/dev-template/rbac.yaml
@@ -0,0 +1,65 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: jbs-management
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+rules:
+ - apiGroups:
+ - jvmbuildservice.io
+ resources:
+ - artifactbuilds
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - patch
+ - update
+ - delete
+ - apiGroups:
+ - jvmbuildservice.io
+ resources:
+ - jbsconfigs
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - taskruns/status
+ - pipelineruns/status
+ - taskruns/status
+ - pipelineruns/status
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: jbs-management
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: jbs-management
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: jbs-management
+subjects:
+ - kind: ServiceAccount
+ name: jbs-management
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: jbs-management-secret
+ annotations:
+ kubernetes.io/service-account.name: jbs-management
+type: kubernetes.io/service-account-token
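Review bot: The `jbs-management-secret` at the end of rbac.yaml is a `kubernetes.io/service-account-token` Secret, so the cluster mints a non-expiring bearer token for a service account that can create and delete `artifactbuilds` and patch `jbsconfigs`. If the consumer can use a projected, time-bound token instead, that avoids a standing credential in the namespace; otherwise a comment such as `# long-lived token for the management console; rotate by deleting this Secret` would record the intent. In the `tekton.dev` rule, `taskruns/status` and `pipelineruns/status` are each listed twice, which looks like a copy-paste slip where `taskruns` and `pipelineruns` may have been intended. The `rbac.authorization.k8s.io/aggregate-to-edit: "true"` label sits on a namespaced `Role`, whereas aggregation selects `ClusterRole` objects, so it probably has no effect here and could be dropped or the rules moved to a ClusterRole.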
diff --git a/java-components/management-console/pom.xml b/java-components/management-console/pom.xml
index 194721c0b..36f8b38f1 100644
--- a/java-components/management-console/pom.xml
+++ b/java-components/management-console/pom.xml
@@ -9,6 +9,10 @@
999-SNAPSHOT
management-console
+
+ yyyyMMddHHmmss
+ ${maven.build.timestamp}
+
io.github.redhat-appstudio.jvmbuild
diff --git a/java-components/management-console/src/main/java/com/redhat/hacbs/management/watcher/InitialUserSetup.java b/java-components/management-console/src/main/java/com/redhat/hacbs/management/watcher/InitialUserSetup.java
index 07be589f4..f3d9d5124 100644
--- a/java-components/management-console/src/main/java/com/redhat/hacbs/management/watcher/InitialUserSetup.java
+++ b/java-components/management-console/src/main/java/com/redhat/hacbs/management/watcher/InitialUserSetup.java
@@ -7,6 +7,7 @@
import java.util.Objects;
import jakarta.annotation.PostConstruct;
+import jakarta.enterprise.inject.Instance;
import jakarta.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;
@@ -32,43 +33,52 @@ public class InitialUserSetup {
public static final String JBS_USER_SECRET = "jbs-user-secret";
@Inject
- KubernetesClient kubernetesClient;
+ Instance kubernetesClient;
@ConfigProperty(name = "kube.disabled", defaultValue = "false")
boolean disabled;
@PostConstruct
public void setup() {
- if ((LaunchMode.current() == LaunchMode.TEST
- && !Objects.equals(System.getProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY), "test")) || disabled) {
- //don't start in tests, as kube might not be present
- Log.warnf("Kubernetes client disabled so unable to initiate admin user setup");
- return;
+ String userName = "admin";
+ String password = System.getenv("JBS_ADMIN_PASSWORD");
+ if (password == null) {
+ if ((LaunchMode.current() == LaunchMode.TEST
+ && !Objects.equals(System.getProperty(Config.KUBERNETES_NAMESPACE_SYSTEM_PROPERTY), "test")) || disabled) {
+ //don't start in tests, as kube might not be present
+ Log.warnf("Kubernetes client disabled so unable to initiate admin user setup");
+ return;
+ }
+ Secret secret = kubernetesClient.get().resources(Secret.class).withName(JBS_USER_SECRET).get();
+ if (secret == null) {
+ var sr = new SecureRandom();
+ byte[] data = new byte[21];
+ sr.nextBytes(data);
+ var pw = Base64.getEncoder().encodeToString(data);
+ secret = new Secret();
+ secret.setMetadata(new ObjectMeta());
+ secret.getMetadata().setName(JBS_USER_SECRET);
+ secret.setData(Map.of("username", Base64.getEncoder().encodeToString("admin".getBytes(StandardCharsets.UTF_8)),
+ "password", Base64.getEncoder().encodeToString(pw.getBytes(StandardCharsets.UTF_8))));
+ kubernetesClient.get().resource(secret).create();
+ }
+ userName = new String(Base64.getDecoder().decode(secret.getData().get("username")), StandardCharsets.UTF_8);
+ password = new String(Base64.getDecoder().decode(secret.getData().get("password")), StandardCharsets.UTF_8);
+ } else {
+ Log.infof("Initial user set in JBS_ADMIN_PASSWORD");
}
- Secret secret = kubernetesClient.resources(Secret.class).withName(JBS_USER_SECRET).get();
- if (secret == null) {
- var sr = new SecureRandom();
- byte[] data = new byte[21];
- sr.nextBytes(data);
- var pw = Base64.getEncoder().encodeToString(data);
- secret = new Secret();
- secret.setMetadata(new ObjectMeta());
- secret.getMetadata().setName(JBS_USER_SECRET);
- secret.setData(Map.of("username", Base64.getEncoder().encodeToString("admin".getBytes(StandardCharsets.UTF_8)),
- "password", Base64.getEncoder().encodeToString(pw.getBytes(StandardCharsets.UTF_8))));
- kubernetesClient.resource(secret).create();
- }
- var userName = new String(Base64.getDecoder().decode(secret.getData().get("username")), StandardCharsets.UTF_8);
- var password = new String(Base64.getDecoder().decode(secret.getData().get("password")), StandardCharsets.UTF_8);
+ var u = userName;
+ var p = password;
User user = User.find("username", userName).firstResult();
if (user == null) {
+ Log.infof("Creating initial user");
QuarkusTransaction.requiringNew().run(new Runnable() {
@Override
public void run() {
User user = new User();
- user.username = userName;
- user.pass = BcryptUtil.bcryptHash(password);
+ user.username = u;
+ user.pass = BcryptUtil.bcryptHash(p);
user.persistAndFlush();
}
});
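Review bot: In `setup()`, the new `if (password == null)` guard treats a `JBS_ADMIN_PASSWORD` that is set but empty as a valid password. The code then skips the generated Kubernetes secret and passes the empty string to `BcryptUtil.bcryptHash(p)`, which would leave the `admin` account with a blank password if the hash call accepts it. Treat blank as unset with `if (password == null || password.isBlank()) {`, or fail startup with a clear message. When the variable is set and the `admin` user already exists, the visible lines do not update the stored hash, so a changed value is silently ignored; a short comment saying the variable only seeds the first user would help. The method continues past the end of this hunk, so later handling is not visible here.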