-
Notifications
You must be signed in to change notification settings - Fork 243
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat : Add support to customize the developer account password (#2359) #4451
base: main
Are you sure you want to change the base?
Conversation
Hi @rohanKanojia. Thanks for your PR. I'm waiting for a crc-org member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
6e72835
to
2246b1e
Compare
/ok-to-test |
1d67db9
to
bf8050f
Compare
looks like |
@praveenkumar : How can I reproduce this failure locally? I'm not able to get much idea about what's wrong by looking at logs:
Could it be possible that it's an intermittent failure? |
bf8050f
to
2304098
Compare
The failure is
which corresponds to
I think @albfan did some work on snyk's false positives recently (?) |
@cfergeau: Thanks for checking. We discussed this in a crc internal Slack chat and decided to add an exception for this particular rule. |
Without this PR the |
@praveenkumar : Maybe we can add a configuration named |
@rohanKanojia I don't think it is good to have multiple config option just for developer user. |
2304098
to
5d0cbd2
Compare
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubeAdminPasswordFile := constants.GetKubeAdminPasswordPath() | ||
// GenerateUserPassword creates and put updated password to ~/.crc/machine/crc/ directory | ||
func GenerateUserPassword(passwordFile string, user string) error { | ||
logging.Infof("Generating new password for the %s user", user) | ||
kubeAdminPassword, err := GenerateRandomPasswordHash(23) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could now be named password
or such, this is no longer necessarily a kubeadmin password.
|
||
kubeAdminPassword, err := GetKubeadminPassword() | ||
// UpdateUserPassword updates the htpasswd secret | ||
func UpdateUserPassword(ctx context.Context, ocConfig oc.Config, newKubeAdminPassword string, newDeveloperPassword string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd use the plural here as there are multiple passwords involved UpdateUserPasswords
kubeAdminPassword, err := GetKubeadminPassword() | ||
// UpdateUserPassword updates the htpasswd secret | ||
func UpdateUserPassword(ctx context.Context, ocConfig oc.Config, newKubeAdminPassword string, newDeveloperPassword string) error { | ||
credentials, err := resolveUserPassword(newKubeAdminPassword, newDeveloperPassword, constants.GetKubeAdminPasswordPath(), constants.GetDeveloperPasswordPath()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here, resolveUserPasswords
@@ -50,7 +50,7 @@ func UpdateUserPassword(ctx context.Context, ocConfig oc.Config, newKubeAdminPas | |||
return nil | |||
} | |||
|
|||
logging.Infof("Changing the password for the kubeadmin user") | |||
logging.Infof("Changing the password for the users") | |||
expected, err := getHtpasswd(credentials, externals) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did this belong in the previous commit?
@@ -60,7 +60,7 @@ func UpdateUserPassword(ctx context.Context, ocConfig oc.Config, newKubeAdminPas | |||
"-n", "openshift-config", "--type", "merge"} | |||
_, stderr, err = ocConfig.RunOcCommandPrivate(cmdArgs...) | |||
if err != nil { | |||
return fmt.Errorf("Failed to update kubeadmin password %v: %s", err, stderr) | |||
return fmt.Errorf("failed to update user passwords %v: %s", err, stderr) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same question?
abd82fd
to
04d07f4
Compare
Extracted some unit tests out of crc-org#4451 as I was need them while working on crc-org#3832 These unit tests verify these scenarios for config: - when we try to set invalid key, throw error - whether default key values are as expected - whether we're able to override default values by providing new value Signed-off-by: Rohan Kumar <[email protected]>
Extracted some unit tests out of #4451 as I was need them while working on #3832 These unit tests verify these scenarios for config: - when we try to set invalid key, throw error - whether default key values are as expected - whether we're able to override default values by providing new value Signed-off-by: Rohan Kumar <[email protected]>
04d07f4
to
7fe3ca0
Compare
Can we add an integration test to verify this works as expected? |
@gbraad: Will add an e2e test to verify these scenarios:
|
…rc-org#2539) Signed-off-by: Rohan Kumar <[email protected]>
…rg#2539) Add option to set developer password for the user. ``` $ crc config set developer-password mypassword $ crc start [...] INFO Adding crc-admin and crc-developer contexts to kubeconfig... Started the OpenShift cluster. The server is accessible via web console at: https://console-openshift-console.apps-crc.testing Log in as user: Username: developer Password: mypassword ``` Signed-off-by: Rohan Kumar <[email protected]>
42b0580
to
5678d09
Compare
+ Add additional assertions in basic test to verify that when no developer password is configured, then "developer" value is used for password + Add custom_developer_password e2e test to verify that when custom developer-password configuration option is provided, then that custom value is used as developer password Signed-off-by: Rohan Kumar <[email protected]>
5678d09
to
eec9864
Compare
@rohanKanojia: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Fix #2539
Relates to: Issue #2539
Type of change
test, version modification, documentation, etc.)
Checklist
Solution/Idea
developer
string as passworddeveloper-password
Proposed changes
crc would no longer have
developer
as user password. It would be generated each time cluster is created (just like kubeadmin password). If user wants to override it, they can usedeveloper-password
configuration option in CRC config.Testing
developer-password
configuration option in CRC config, then that value is used in developer password: