search

CloudTooling / k8s-automatisch

GNU Affero General Public License v3.0
1 stars 2 forks source link

Configuration of Admin user #13

Closed hypery2k closed 5 months ago

hypery2k commented 7 months ago

Default Admin user should be created from secret/values on IaC base

linear[bot] commented 7 months ago

OSS-1 Configuration of Admin user

barinali commented 6 months ago

@hypery2k in case the changes in this pull request could be utilized to create the initial user.

In summary;

hypery2k commented 5 months ago

Hey @barinali sorry for my late response, was occupied with other stuff.

I tested the changes, but running into race conditions when starting from scratch with the setup:

Defaulted container "app" out of: app, init-config
yarn run v1.22.19
warning package.json: License should be a valid SPDX license expression
$ node ./bin/database/convert-migrations.js && knex migrate:latest
password authentication failed for user "automatischUser"
error: password authentication failed for user "automatischUser"
    at Parser.parseErrorMessage (/automatisch/node_modules/pg-protocol/dist/parser.js:287:98)
    at Parser.handlePacket (/automatisch/node_modules/pg-protocol/dist/parser.js:126:29)
    at Parser.parse (/automatisch/node_modules/pg-protocol/dist/parser.js:39:38)
    at Socket.<anonymous> (/automatisch/node_modules/pg-protocol/dist/index.js:11:42)
    at Socket.emit (node:events:517:28)
    at addChunk (node:internal/streams/readable:368:12)
    at readableAddChunk (node:internal/streams/readable:341:9)
    at Readable.push (node:internal/streams/readable:278:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:190:23)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

I then tried to skip the DB stuff and run a "Job" with two container, one with automatisch and one for the curl requests, skipping the DB-stuff:

          command:
            - /bin/sh
            - -c
            - |
              set -e
              cd packages/backend
              yarn start

Then I got config errors:

Defaulted container "app" out of: app, init-config
yarn run v1.22.19
warning package.json: License should be a valid SPDX license expression
$ node src/server.js
2024-06-16 04:42:10:4210 [info]: Server is listening on http://10.42.41.201:3000
2024-06-16 04:42:13:4213 [http]: HEAD / 200 1200 - 95.742 ms -
/automatisch/node_modules/db-errors/lib/dbErrors.js:19
      return new result.node.error(result.args);
             ^

DBError: password authentication failed for user "automatischUser"
    at wrapError (/automatisch/node_modules/db-errors/lib/dbErrors.js:19:14)
    at handleExecuteError (/automatisch/node_modules/objection/lib/queryBuilder/QueryBuilder.js:1123:32)
    at ExtendedQueryBuilder.execute (/automatisch/node_modules/objection/lib/queryBuilder/QueryBuilder.js:449:20)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Config.isInstallationCompleted (file:///automatisch/packages/backend/src/models/config.js:18:40)
    at async allowInstallation (file:///automatisch/packages/backend/src/helpers/allow-installation.js:5:7) {
  nativeError: error: password authentication failed for user "automatischUser"
      at Parser.parseErrorMessage (/automatisch/node_modules/pg-protocol/dist/parser.js:287:98)
      at Parser.handlePacket (/automatisch/node_modules/pg-protocol/dist/parser.js:126:29)
      at Parser.parse (/automatisch/node_modules/pg-protocol/dist/parser.js:39:38)
      at Socket.<anonymous> (/automatisch/node_modules/pg-protocol/dist/index.js:11:42)
      at Socket.emit (node:events:517:28)
      at Socket.emit (node:domain:489:12)
      at addChunk (node:internal/streams/readable:368:12)
      at readableAddChunk (node:internal/streams/readable:341:9)
      at Readable.push (node:internal/streams/readable:278:10)
      at TCP.onStreamRead (node:internal/stream_base_commons:190:23) {

Maybe I understand the implementation not 100%, should I start a worker and then use the POST request?

The new API endpoint is currently only used for the admin account, not for general user provisioning, right?

hypery2k commented 5 months ago

sorry, was my fault. It's working now. The user get's following details:

NAME: automatisch
LAST DEPLOYED: Mon Jun 17 06:58:05 2024
NAMESPACE: test
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Application is available at: https://automatisch-test.m13t.de
To get the generated admin user credentials for user Admin User (admin@automatisch.io), run the following command:
  kubectl --namespace test get secret automatisch-admin -o jsonpath="{.data.password}" | base64 --decode

Password gets automatically generated and saved as kubernetes secret