feat : Generate developer password instead of hardcoded value (crc-or…

…g#2539)

Signed-off-by: Rohan Kumar <[email protected]>

cmd/crc/cmd/console.go

@@ -123,7 +123,7 @@ func toConsoleClusterConfig(result *client.ConsoleResult) *clusterConfig {
 		},
 		DeveloperCredentials: credentials{
 			Username: "developer",
-			Password: "developer",
+			Password: result.ClusterConfig.DeveloperPass,
 		},
 	}
 }

cmd/crc/cmd/console_test.go

@@ -20,6 +20,7 @@ var DummyClusterConfig = types.ClusterConfig{
 	ClusterCACert: "MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ",
 	KubeConfig:    "/tmp/kubeconfig",
 	KubeAdminPass: "foobar",
+	DeveloperPass: "foobar",
 	ClusterAPI:    "https://foo.testing:6443",
 	WebConsoleURL: "https://console.foo.testing:6443",
 	ProxyConfig:   nil,
@@ -60,42 +61,42 @@ func TestConsolePlainError(t *testing.T) {
 }
 
 func TestConsoleWithPrintCredentialsPlainSuccess(t *testing.T) {
-	expectedOut := fmt.Sprintf(`To login as a regular user, run 'oc login -u developer -p developer %s'.
+	expectedOut := fmt.Sprintf(`To login as a regular user, run 'oc login -u developer -p %s %s'.
 To login as an admin, run 'oc login -u kubeadmin -p %s %s'
-`, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.ClusterAPI)
+`, fakemachine.DummyClusterConfig.DeveloperPass, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.ClusterAPI)
 	out := new(bytes.Buffer)
 	assert.NoError(t, runConsole(out, setUpClientForConsole(t), false, true, ""))
 	assert.Equal(t, expectedOut, out.String())
 }
 
 func TestConsoleWithPrintCredentialsAndURLPlainSuccess(t *testing.T) {
 	expectedOut := fmt.Sprintf(`%s
-To login as a regular user, run 'oc login -u developer -p developer %s'.
+To login as a regular user, run 'oc login -u developer -p %s %s'.
 To login as an admin, run 'oc login -u kubeadmin -p %s %s'
-`, fakemachine.DummyClusterConfig.WebConsoleURL, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.ClusterAPI)
+`, fakemachine.DummyClusterConfig.WebConsoleURL, fakemachine.DummyClusterConfig.DeveloperPass, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.ClusterAPI)
 	out := new(bytes.Buffer)
 	assert.NoError(t, runConsole(out, setUpClientForConsole(t), true, true, ""))
 	assert.Equal(t, expectedOut, out.String())
 }
 
 func TestConsoleJSONSuccess(t *testing.T) {
 	expectedJSONOut := fmt.Sprintf(`{
-  "success": true,
-  "clusterConfig": {
-    "clusterType": "openshift",
-    "cacert": "%s",
-    "webConsoleUrl": "%s",
-    "url": "%s",
-    "adminCredentials": {
-      "username": "kubeadmin",
-      "password": "%s"
-    },
-    "developerCredentials": {
-      "username": "developer",
-      "password": "developer"
-    }
-  }
-}`, fakemachine.DummyClusterConfig.ClusterCACert, fakemachine.DummyClusterConfig.WebConsoleURL, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass)
+	 "success": true,
+	 "clusterConfig": {
+	   "clusterType": "openshift",
+	   "cacert": "%s",
+	   "webConsoleUrl": "%s",
+	   "url": "%s",
+	   "adminCredentials": {
+	     "username": "kubeadmin",
+	     "password": "%s"
+	   },
+	   "developerCredentials": {
+	     "username": "developer",
+	     "password": "%s"
+	   }
+	 }
+	}`, fakemachine.DummyClusterConfig.ClusterCACert, fakemachine.DummyClusterConfig.WebConsoleURL, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.DeveloperPass)
 	out := new(bytes.Buffer)
 	assert.NoError(t, runConsole(out, setUpClientForConsole(t), false, false, jsonFormat))
 	assert.JSONEq(t, expectedJSONOut, out.String())

pkg/crc/api/api_client_test.go

@@ -94,6 +94,7 @@ func TestStart(t *testing.T) {
 				ClusterCACert: "MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ",
 				KubeConfig:    "/tmp/kubeconfig",
 				KubeAdminPass: "foobar",
+				DeveloperPass: "foobar",
 				ClusterAPI:    "https://foo.testing:6443",
 				WebConsoleURL: "https://console.foo.testing:6443",
 				ProxyConfig:   nil,

pkg/crc/api/api_http_test.go

@@ -167,11 +167,11 @@ var testCases = []testCase{
 	// start
 	{
 		request:  post("start"),
-		response: jSon(`{"Status":"","ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"KubeletStarted":true}`),
+		response: jSon(`{"Status":"","ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","DeveloperPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"KubeletStarted":true}`),
 	},
 	{
 		request:  get("start"),
-		response: jSon(`{"Status":"","ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"KubeletStarted":true}`),
+		response: jSon(`{"Status":"","ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","DeveloperPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"KubeletStarted":true}`),
 	},
 
 	// start with failure
@@ -273,7 +273,7 @@ var testCases = []testCase{
 	// webconsoleurl
 	{
 		request:  get("webconsoleurl"),
-		response: jSon(`{"ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"State":"Running"}`),
+		response: jSon(`{"ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","DeveloperPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"State":"Running"}`),
 	},
 
 	// webconsoleurl with failure

pkg/crc/cluster/kubeadmin_password.go

@@ -17,15 +17,14 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
-// GenerateKubeAdminUserPassword creates and put updated kubeadmin password to ~/.crc/machine/crc/kubeadmin-password
-func GenerateKubeAdminUserPassword() error {
-	logging.Infof("Generating new password for the kubeadmin user")
-	kubeAdminPasswordFile := constants.GetKubeAdminPasswordPath()
+// GenerateUserPassword creates and put updated kubeadmin password to ~/.crc/machine/crc/kubeadmin-password
+func GenerateUserPassword(passwordFile string, user string) error {
+	logging.Infof("Generating new password for the %s user", user)
 	kubeAdminPassword, err := GenerateRandomPasswordHash(23)
 	if err != nil {
-		return fmt.Errorf("Cannot generate the kubeadmin user password: %w", err)
+		return fmt.Errorf("cannot generate the %s user password: %w", user, err)
 	}
-	return os.WriteFile(kubeAdminPasswordFile, []byte(kubeAdminPassword), 0600)
+	return os.WriteFile(passwordFile, []byte(kubeAdminPassword), 0600)
 }
 
 // UpdateKubeAdminUserPassword updates the htpasswd secret
@@ -37,12 +36,16 @@ func UpdateKubeAdminUserPassword(ctx context.Context, ocConfig oc.Config, newPas
 		}
 	}
 
-	kubeAdminPassword, err := GetKubeadminPassword()
+	kubeAdminPassword, err := GetUserPassword(constants.GetKubeAdminPasswordPath())
 	if err != nil {
-		return fmt.Errorf("Cannot read the kubeadmin user password from file: %w", err)
+		return fmt.Errorf("cannot read the kubeadmin user password from file: %w", err)
+	}
+	developerPassword, err := GetUserPassword(constants.GetDeveloperPasswordPath())
+	if err != nil {
+		return fmt.Errorf("cannot read the developer user password from file: %w", err)
 	}
 	credentials := map[string]string{
-		"developer": "developer",
+		"developer": developerPassword,
 		"kubeadmin": kubeAdminPassword,
 	}
 
@@ -77,9 +80,8 @@ func UpdateKubeAdminUserPassword(ctx context.Context, ocConfig oc.Config, newPas
 	return nil
 }
 
-func GetKubeadminPassword() (string, error) {
-	kubeAdminPasswordFile := constants.GetKubeAdminPasswordPath()
-	rawData, err := os.ReadFile(kubeAdminPasswordFile)
+func GetUserPassword(passwordFile string) (string, error) {
+	rawData, err := os.ReadFile(passwordFile)
 	if err != nil {
 		return "", err
 	}

pkg/crc/constants/constants.go

@@ -194,6 +194,10 @@ func GetKubeAdminPasswordPath() string {
 	return filepath.Join(MachineInstanceDir, DefaultName, "kubeadmin-password")
 }
 
+func GetDeveloperPasswordPath() string {
+	return filepath.Join(MachineInstanceDir, DefaultName, "developer-password")
+}
+
 func GetWin32BackgroundLauncherDownloadURL() string {
 	return fmt.Sprintf(BackgroundLauncherURL,
 		version.GetWin32BackgroundLauncherVersion())

pkg/crc/machine/fakemachine/client.go

@@ -29,6 +29,7 @@ var DummyClusterConfig = types.ClusterConfig{
 	ClusterCACert: "MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ",
 	KubeConfig:    "/tmp/kubeconfig",
 	KubeAdminPass: "foobar",
+	DeveloperPass: "foobar",
 	ClusterAPI:    "https://foo.testing:6443",
 	WebConsoleURL: "https://console.foo.testing:6443",
 	ProxyConfig:   nil,

pkg/crc/machine/machine.go

@@ -21,10 +21,14 @@ func getClusterConfig(bundleInfo *bundle.CrcBundleInfo) (*types.ClusterConfig, e
 		}, nil
 	}
 
-	kubeadminPassword, err := cluster.GetKubeadminPassword()
+	kubeadminPassword, err := cluster.GetUserPassword(constants.GetKubeAdminPasswordPath())
 	if err != nil {
 		return nil, fmt.Errorf("Error reading kubeadmin password from bundle %v", err)
 	}
+	developerPassword, err := cluster.GetUserPassword(constants.GetDeveloperPasswordPath())
+	if err != nil {
+		return nil, fmt.Errorf("error reading developer password from bundle %v", err)
+	}
 	proxyConfig, err := getProxyConfig(bundleInfo)
 	if err != nil {
 		return nil, err
@@ -38,6 +42,7 @@ func getClusterConfig(bundleInfo *bundle.CrcBundleInfo) (*types.ClusterConfig, e
 		ClusterCACert: base64.StdEncoding.EncodeToString(clusterCACert),
 		KubeConfig:    bundleInfo.GetKubeConfigPath(),
 		KubeAdminPass: kubeadminPassword,
+		DeveloperPass: developerPassword,
 		WebConsoleURL: fmt.Sprintf("https://%s", bundleInfo.GetAppHostname("console-openshift-console")),
 		ClusterAPI:    fmt.Sprintf("https://%s:6443", bundleInfo.GetAPIHostname()),
 		ProxyConfig:   proxyConfig,

pkg/crc/machine/start.go

@@ -682,9 +682,12 @@ func createHost(machineConfig config.MachineConfig, preset crcPreset.Preset) err
 		return fmt.Errorf("Error generating ssh key pair: %v", err)
 	}
 	if preset == crcPreset.OpenShift || preset == crcPreset.OKD {
-		if err := cluster.GenerateKubeAdminUserPassword(); err != nil {
+		if err := cluster.GenerateUserPassword(constants.GetKubeAdminPasswordPath(), "kubeadmin"); err != nil {
 			return errors.Wrap(err, "Error generating new kubeadmin password")
 		}
+		if err := cluster.GenerateUserPassword(constants.GetDeveloperPasswordPath(), "developer"); err != nil {
+			return errors.Wrap(err, "Error generating new developer password")
+		}
 	}
 	if err := api.SetExists(vm.Name); err != nil {
 		return fmt.Errorf("Failed to record VM existence: %s", err)

pkg/crc/machine/types/types.go

@@ -53,6 +53,7 @@ type ClusterConfig struct {
 	ClusterCACert string
 	KubeConfig    string
 	KubeAdminPass string
+	DeveloperPass string
 	ClusterAPI    string
 	WebConsoleURL string
 	ProxyConfig   *httpproxy.ProxyConfig