From 8a1cef2db4bc21ccaeff7cdba7baec4a1795e282 Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Fri, 8 Nov 2024 13:49:39 +0530 Subject: [PATCH] feat : Generate developer password instead of hardcoded value (#2539) Signed-off-by: Rohan Kumar --- cmd/crc/cmd/console.go | 2 +- cmd/crc/cmd/console_test.go | 41 ++++++++++++++------------- pkg/crc/api/api_client_test.go | 1 + pkg/crc/api/api_http_test.go | 6 ++-- pkg/crc/cluster/kubeadmin_password.go | 26 +++++++++-------- pkg/crc/constants/constants.go | 4 +++ pkg/crc/machine/fakemachine/client.go | 1 + pkg/crc/machine/machine.go | 7 ++++- pkg/crc/machine/start.go | 5 +++- pkg/crc/machine/types/types.go | 1 + 10 files changed, 56 insertions(+), 38 deletions(-) diff --git a/cmd/crc/cmd/console.go b/cmd/crc/cmd/console.go index bdd5c6a385..f95c42c8b6 100644 --- a/cmd/crc/cmd/console.go +++ b/cmd/crc/cmd/console.go @@ -123,7 +123,7 @@ func toConsoleClusterConfig(result *client.ConsoleResult) *clusterConfig { }, DeveloperCredentials: credentials{ Username: "developer", - Password: "developer", + Password: result.ClusterConfig.DeveloperPass, }, } } diff --git a/cmd/crc/cmd/console_test.go b/cmd/crc/cmd/console_test.go index 0910dfb809..ab83781c36 100644 --- a/cmd/crc/cmd/console_test.go +++ b/cmd/crc/cmd/console_test.go @@ -20,6 +20,7 @@ var DummyClusterConfig = types.ClusterConfig{ ClusterCACert: "MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ", KubeConfig: "/tmp/kubeconfig", KubeAdminPass: "foobar", + DeveloperPass: "foobar", ClusterAPI: "https://foo.testing:6443", WebConsoleURL: "https://console.foo.testing:6443", ProxyConfig: nil, @@ -60,9 +61,9 @@ func TestConsolePlainError(t *testing.T) { } func TestConsoleWithPrintCredentialsPlainSuccess(t *testing.T) { - expectedOut := fmt.Sprintf(`To login as a regular user, run 'oc login -u developer -p developer %s'. + expectedOut := fmt.Sprintf(`To login as a regular user, run 'oc login -u developer -p %s %s'. To login as an admin, run 'oc login -u kubeadmin -p %s %s' -`, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.ClusterAPI) +`, fakemachine.DummyClusterConfig.DeveloperPass, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.ClusterAPI) out := new(bytes.Buffer) assert.NoError(t, runConsole(out, setUpClientForConsole(t), false, true, "")) assert.Equal(t, expectedOut, out.String()) @@ -70,9 +71,9 @@ To login as an admin, run 'oc login -u kubeadmin -p %s %s' func TestConsoleWithPrintCredentialsAndURLPlainSuccess(t *testing.T) { expectedOut := fmt.Sprintf(`%s -To login as a regular user, run 'oc login -u developer -p developer %s'. +To login as a regular user, run 'oc login -u developer -p %s %s'. To login as an admin, run 'oc login -u kubeadmin -p %s %s' -`, fakemachine.DummyClusterConfig.WebConsoleURL, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.ClusterAPI) +`, fakemachine.DummyClusterConfig.WebConsoleURL, fakemachine.DummyClusterConfig.DeveloperPass, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.ClusterAPI) out := new(bytes.Buffer) assert.NoError(t, runConsole(out, setUpClientForConsole(t), true, true, "")) assert.Equal(t, expectedOut, out.String()) @@ -80,22 +81,22 @@ To login as an admin, run 'oc login -u kubeadmin -p %s %s' func TestConsoleJSONSuccess(t *testing.T) { expectedJSONOut := fmt.Sprintf(`{ - "success": true, - "clusterConfig": { - "clusterType": "openshift", - "cacert": "%s", - "webConsoleUrl": "%s", - "url": "%s", - "adminCredentials": { - "username": "kubeadmin", - "password": "%s" - }, - "developerCredentials": { - "username": "developer", - "password": "developer" - } - } -}`, fakemachine.DummyClusterConfig.ClusterCACert, fakemachine.DummyClusterConfig.WebConsoleURL, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass) + "success": true, + "clusterConfig": { + "clusterType": "openshift", + "cacert": "%s", + "webConsoleUrl": "%s", + "url": "%s", + "adminCredentials": { + "username": "kubeadmin", + "password": "%s" + }, + "developerCredentials": { + "username": "developer", + "password": "%s" + } + } + }`, fakemachine.DummyClusterConfig.ClusterCACert, fakemachine.DummyClusterConfig.WebConsoleURL, fakemachine.DummyClusterConfig.ClusterAPI, fakemachine.DummyClusterConfig.KubeAdminPass, fakemachine.DummyClusterConfig.DeveloperPass) out := new(bytes.Buffer) assert.NoError(t, runConsole(out, setUpClientForConsole(t), false, false, jsonFormat)) assert.JSONEq(t, expectedJSONOut, out.String()) diff --git a/pkg/crc/api/api_client_test.go b/pkg/crc/api/api_client_test.go index 84b5f39010..619026c610 100644 --- a/pkg/crc/api/api_client_test.go +++ b/pkg/crc/api/api_client_test.go @@ -94,6 +94,7 @@ func TestStart(t *testing.T) { ClusterCACert: "MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ", KubeConfig: "/tmp/kubeconfig", KubeAdminPass: "foobar", + DeveloperPass: "foobar", ClusterAPI: "https://foo.testing:6443", WebConsoleURL: "https://console.foo.testing:6443", ProxyConfig: nil, diff --git a/pkg/crc/api/api_http_test.go b/pkg/crc/api/api_http_test.go index f8219bf2ec..7096a8e44b 100644 --- a/pkg/crc/api/api_http_test.go +++ b/pkg/crc/api/api_http_test.go @@ -167,11 +167,11 @@ var testCases = []testCase{ // start { request: post("start"), - response: jSon(`{"Status":"","ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"KubeletStarted":true}`), + response: jSon(`{"Status":"","ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","DeveloperPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"KubeletStarted":true}`), }, { request: get("start"), - response: jSon(`{"Status":"","ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"KubeletStarted":true}`), + response: jSon(`{"Status":"","ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","DeveloperPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"KubeletStarted":true}`), }, // start with failure @@ -273,7 +273,7 @@ var testCases = []testCase{ // webconsoleurl { request: get("webconsoleurl"), - response: jSon(`{"ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"State":"Running"}`), + response: jSon(`{"ClusterConfig":{"ClusterType":"openshift","ClusterCACert":"MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ","KubeConfig":"/tmp/kubeconfig","KubeAdminPass":"foobar","DeveloperPass":"foobar","ClusterAPI":"https://foo.testing:6443","WebConsoleURL":"https://console.foo.testing:6443","ProxyConfig":null},"State":"Running"}`), }, // webconsoleurl with failure diff --git a/pkg/crc/cluster/kubeadmin_password.go b/pkg/crc/cluster/kubeadmin_password.go index f8beb9fb13..c5d413d298 100644 --- a/pkg/crc/cluster/kubeadmin_password.go +++ b/pkg/crc/cluster/kubeadmin_password.go @@ -17,15 +17,14 @@ import ( "golang.org/x/crypto/bcrypt" ) -// GenerateKubeAdminUserPassword creates and put updated kubeadmin password to ~/.crc/machine/crc/kubeadmin-password -func GenerateKubeAdminUserPassword() error { - logging.Infof("Generating new password for the kubeadmin user") - kubeAdminPasswordFile := constants.GetKubeAdminPasswordPath() +// GenerateUserPassword creates and put updated kubeadmin password to ~/.crc/machine/crc/kubeadmin-password +func GenerateUserPassword(passwordFile string, user string) error { + logging.Infof("Generating new password for the %s user", user) kubeAdminPassword, err := GenerateRandomPasswordHash(23) if err != nil { - return fmt.Errorf("Cannot generate the kubeadmin user password: %w", err) + return fmt.Errorf("cannot generate the %s user password: %w", user, err) } - return os.WriteFile(kubeAdminPasswordFile, []byte(kubeAdminPassword), 0600) + return os.WriteFile(passwordFile, []byte(kubeAdminPassword), 0600) } // UpdateKubeAdminUserPassword updates the htpasswd secret @@ -37,12 +36,16 @@ func UpdateKubeAdminUserPassword(ctx context.Context, ocConfig oc.Config, newPas } } - kubeAdminPassword, err := GetKubeadminPassword() + kubeAdminPassword, err := GetUserPassword(constants.GetKubeAdminPasswordPath()) if err != nil { - return fmt.Errorf("Cannot read the kubeadmin user password from file: %w", err) + return fmt.Errorf("cannot read the kubeadmin user password from file: %w", err) + } + developerPassword, err := GetUserPassword(constants.GetDeveloperPasswordPath()) + if err != nil { + return fmt.Errorf("cannot read the developer user password from file: %w", err) } credentials := map[string]string{ - "developer": "developer", + "developer": developerPassword, "kubeadmin": kubeAdminPassword, } @@ -77,9 +80,8 @@ func UpdateKubeAdminUserPassword(ctx context.Context, ocConfig oc.Config, newPas return nil } -func GetKubeadminPassword() (string, error) { - kubeAdminPasswordFile := constants.GetKubeAdminPasswordPath() - rawData, err := os.ReadFile(kubeAdminPasswordFile) +func GetUserPassword(passwordFile string) (string, error) { + rawData, err := os.ReadFile(passwordFile) if err != nil { return "", err } diff --git a/pkg/crc/constants/constants.go b/pkg/crc/constants/constants.go index 383ec89c2d..c76afb6ee3 100644 --- a/pkg/crc/constants/constants.go +++ b/pkg/crc/constants/constants.go @@ -194,6 +194,10 @@ func GetKubeAdminPasswordPath() string { return filepath.Join(MachineInstanceDir, DefaultName, "kubeadmin-password") } +func GetDeveloperPasswordPath() string { + return filepath.Join(MachineInstanceDir, DefaultName, "developer-password") +} + func GetWin32BackgroundLauncherDownloadURL() string { return fmt.Sprintf(BackgroundLauncherURL, version.GetWin32BackgroundLauncherVersion()) diff --git a/pkg/crc/machine/fakemachine/client.go b/pkg/crc/machine/fakemachine/client.go index b10146954b..6d367ab673 100644 --- a/pkg/crc/machine/fakemachine/client.go +++ b/pkg/crc/machine/fakemachine/client.go @@ -29,6 +29,7 @@ var DummyClusterConfig = types.ClusterConfig{ ClusterCACert: "MIIDODCCAiCgAwIBAgIIRVfCKNUa1wIwDQYJ", KubeConfig: "/tmp/kubeconfig", KubeAdminPass: "foobar", + DeveloperPass: "foobar", ClusterAPI: "https://foo.testing:6443", WebConsoleURL: "https://console.foo.testing:6443", ProxyConfig: nil, diff --git a/pkg/crc/machine/machine.go b/pkg/crc/machine/machine.go index 4e8389f0cc..5c38f64c36 100644 --- a/pkg/crc/machine/machine.go +++ b/pkg/crc/machine/machine.go @@ -21,10 +21,14 @@ func getClusterConfig(bundleInfo *bundle.CrcBundleInfo) (*types.ClusterConfig, e }, nil } - kubeadminPassword, err := cluster.GetKubeadminPassword() + kubeadminPassword, err := cluster.GetUserPassword(constants.GetKubeAdminPasswordPath()) if err != nil { return nil, fmt.Errorf("Error reading kubeadmin password from bundle %v", err) } + developerPassword, err := cluster.GetUserPassword(constants.GetDeveloperPasswordPath()) + if err != nil { + return nil, fmt.Errorf("error reading developer password from bundle %v", err) + } proxyConfig, err := getProxyConfig(bundleInfo) if err != nil { return nil, err @@ -38,6 +42,7 @@ func getClusterConfig(bundleInfo *bundle.CrcBundleInfo) (*types.ClusterConfig, e ClusterCACert: base64.StdEncoding.EncodeToString(clusterCACert), KubeConfig: bundleInfo.GetKubeConfigPath(), KubeAdminPass: kubeadminPassword, + DeveloperPass: developerPassword, WebConsoleURL: fmt.Sprintf("https://%s", bundleInfo.GetAppHostname("console-openshift-console")), ClusterAPI: fmt.Sprintf("https://%s:6443", bundleInfo.GetAPIHostname()), ProxyConfig: proxyConfig, diff --git a/pkg/crc/machine/start.go b/pkg/crc/machine/start.go index cad83b8aea..b87e13b6ca 100644 --- a/pkg/crc/machine/start.go +++ b/pkg/crc/machine/start.go @@ -682,9 +682,12 @@ func createHost(machineConfig config.MachineConfig, preset crcPreset.Preset) err return fmt.Errorf("Error generating ssh key pair: %v", err) } if preset == crcPreset.OpenShift || preset == crcPreset.OKD { - if err := cluster.GenerateKubeAdminUserPassword(); err != nil { + if err := cluster.GenerateUserPassword(constants.GetKubeAdminPasswordPath(), "kubeadmin"); err != nil { return errors.Wrap(err, "Error generating new kubeadmin password") } + if err := cluster.GenerateUserPassword(constants.GetDeveloperPasswordPath(), "developer"); err != nil { + return errors.Wrap(err, "Error generating new developer password") + } } if err := api.SetExists(vm.Name); err != nil { return fmt.Errorf("Failed to record VM existence: %s", err) diff --git a/pkg/crc/machine/types/types.go b/pkg/crc/machine/types/types.go index 3b5e5442ec..ef810a7218 100644 --- a/pkg/crc/machine/types/types.go +++ b/pkg/crc/machine/types/types.go @@ -53,6 +53,7 @@ type ClusterConfig struct { ClusterCACert string KubeConfig string KubeAdminPass string + DeveloperPass string ClusterAPI string WebConsoleURL string ProxyConfig *httpproxy.ProxyConfig