11 changes: 11 additions & 0 deletions deploy/crds/kieapp.crd.yaml
@@ -346,6 +346,11 @@ spec:
description: The password to use for keystore generation.
format: password
type: string
secretAdminCredentials:
description: Name of the secret containing admin's credentials,
the keys are username and password, if the adminUser and adminPassword
are provided the secretAdminCredentials will be skipped
type: string
startupStrategy:
description: Startup strategy for Console and Kieserver
properties:
@@ -3221,6 +3226,12 @@ spec:
description: The password to use for keystore generation.
format: password
type: string
secretAdminCredentials:
description: Name of the secret containing admin's credentials,
the keys are username and password, if the adminUser and
adminPassword are provided the secretAdminCredentials will
be skipped
type: string
startupStrategy:
description: Startup strategy for Console and Kieserver
properties:
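--- a/deploy/crs/v2/snippets/auth_secret.yaml
+++ b/deploy/crs/v2/snippets/auth_secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: app.kiegroup.org/v2
+kind: KieApp
+metadata:
+name: rhapm-secret
+annotations:
+consoleName: snippet-secret-credentials-config
+consoleTitle: Use secret credentials
+consoleDesc: Use this snippet to specify admin credentials with a secret
+consoleSnippet: true
+spec:
+commonConfig:
+# By default is the cr.Name
+applicationName: other
+# Secret containing username and password keys
+secretAdminCredentials: kie-admin-credentials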
11 changes: 11 additions & 0 deletions deploy/olm-catalog/dev/7.13.0-1/manifests/kieapp.crd.yaml
@@ -346,6 +346,11 @@ spec:
description: The password to use for keystore generation.
format: password
type: string
secretAdminCredentials:
description: Name of the secret containing admin's credentials,
the keys are username and password, if the adminUser and adminPassword
are provided the secretAdminCredentials will be skipped
type: string
startupStrategy:
description: Startup strategy for Console and Kieserver
properties:
@@ -3221,6 +3226,12 @@ spec:
description: The password to use for keystore generation.
format: password
type: string
secretAdminCredentials:
description: Name of the secret containing admin's credentials,
the keys are username and password, if the adminUser and
adminPassword are provided the secretAdminCredentials will
be skipped
type: string
startupStrategy:
description: Startup strategy for Console and Kieserver
properties:
11 changes: 11 additions & 0 deletions deploy/olm-catalog/prod/7.13.0-1/manifests/kieapp.crd.yaml
@@ -346,6 +346,11 @@ spec:
description: The password to use for keystore generation.
format: password
type: string
secretAdminCredentials:
description: Name of the secret containing admin's credentials,
the keys are username and password, if the adminUser and adminPassword
are provided the secretAdminCredentials will be skipped
type: string
startupStrategy:
description: Startup strategy for Console and Kieserver
properties:
@@ -3221,6 +3226,12 @@ spec:
description: The password to use for keystore generation.
format: password
type: string
secretAdminCredentials:
description: Name of the secret containing admin's credentials,
the keys are username and password, if the adminUser and
adminPassword are provided the secretAdminCredentials will
be skipped
type: string
startupStrategy:
description: Startup strategy for Console and Kieserver
properties:
11 changes: 11 additions & 0 deletions deploy/olm-catalog/test/7.13.0-1/manifests/kieapp.crd.yaml
@@ -346,6 +346,11 @@ spec:
description: The password to use for keystore generation.
format: password
type: string
secretAdminCredentials:
description: Name of the secret containing admin's credentials,
the keys are username and password, if the adminUser and adminPassword
are provided the secretAdminCredentials will be skipped
type: string
startupStrategy:
description: Startup strategy for Console and Kieserver
properties:
@@ -3221,6 +3226,12 @@ spec:
description: The password to use for keystore generation.
format: password
type: string
secretAdminCredentials:
description: Name of the secret containing admin's credentials,
the keys are username and password, if the adminUser and
adminPassword are provided the secretAdminCredentials will
be skipped
type: string
startupStrategy:
description: Startup strategy for Console and Kieserver
properties:
63 changes: 50 additions & 13 deletions deploy/ui/form.json
@@ -107,26 +107,63 @@
]
},
{
"label": "Admin user",
"type": "fieldGroup",
"label": "Admin user configuration",
"type": "dropDown",
"required": false,
"jsonPath": "$.spec.commonConfig",
"visible": true,
"default": "default",
"options": [
{
"value": "secret",
"label": "Secret configuration"
},
{
"value": "default",
"label": "Username and Password configuration"
}
],
"fields": [
{
"label": "Username",
"default": "adminUser",
"label": "Username and password",
"type": "fieldGroup",
"required": false,
"description": "Administrative username for RHPAM components",
"jsonPath": "$.spec.commonConfig.adminUser",
"type": "text"
"jsonPath": "$.spec.commonConfig",
"displayWhen": "default",
"visible": true,
"fields": [
{
"label": "Username",
"default": "adminUser",
"required": false,
"description": "Administrative username for RHPAM components",
"jsonPath": "$.spec.commonConfig.adminUser",
"type": "text"
},
{
"label": "Password",
"required": false,
"description": "Administrative password to use instead of generating default value",
"jsonPath": "$.spec.commonConfig.adminPassword",
"type": "password"
}
]
},
{
"label": "Password",
"label": "OpenShift admin credentials secret",
"type": "fieldGroup",
"required": false,
"description": "Administrative password to use instead of generating default value",
"jsonPath": "$.spec.commonConfig.adminPassword",
"type": "password"
"jsonPath": "$.spec.commonConfig.secretAdminCredentials",
"displayWhen": "secret",
"visible": false,
"fields": [
{
"label": "Secret configuration to use for Admin credentials",
"required": false,
"description": "If the secret is not present, kie-admin-credentials secret name will be used, if missing one with default username and generated password will be created",
"jsonPath": "$.spec.commonConfig.secretAdminCredentials",
"type": "text"
}
]
}
]
},
@@ -1739,7 +1776,7 @@
"label": "Max Number of Session",
"type": "integer",
"required": false,
"jsonPath": "$.spec.objects.servers[*].MDBMaxSession",
"jsonPath": "$.spec.objects.servers[*].kieExecutorMDBMaxSession",
"originalJsonPath": "$.spec.objects.servers[*].kieExecutorMDBMaxSession",
"description": "Number of max session used by the JMS Executor, it must be lower than the value of max-pool-size passed as jboss.mdb.strict.max.pool.size, if leaved empty the max.pool.size will be set to 60."
}
2 changes: 2 additions & 0 deletions pkg/apis/app/v2/kieapp_types.go
@@ -945,6 +945,8 @@ type CommonConfig struct {
DisableSsl bool `json:"disableSsl,omitempty"`
// Startup strategy for Console and Kieserver
StartupStrategy *StartupStrategy `json:"startupStrategy,omitempty"`
// Name of the secret containing admin's credentials, the keys are username and password, if the adminUser and adminPassword are provided the secretAdminCredentials will be skipped
SecretAdminCredentials string `json:"secretAdminCredentials,omitempty"`
}

// VersionConfigs ...
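Review bot: The comment on SecretAdminCredentials is a single run-on sentence that does not start with the field name and does not say what happens when the named secret is missing or lacks one of its keys, which is the case a user is most likely to hit. Suggest `// SecretAdminCredentials is the name of a Secret in the CR's namespace whose "username" and "password" keys hold the admin credentials.` followed by `// It is ignored when adminUser and adminPassword are set.` and one more sentence stating the fallback once that behaviour is settled. The same text appears in the CRD descriptions under deploy/, so rewording it here should also fix them if they are regenerated from this type. The CommonConfig struct starts outside this hunk.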
4 changes: 4 additions & 0 deletions pkg/controller/kieapp/constants/constants.go
@@ -291,6 +291,10 @@ const (
SUBCOMPONENT_TYPE_INFRA = "infrastructure"

DefaultDatagridUsername = "infinispan"

KIE_ADMIN_CREDENTIALS_SECRET = "kie-admin-credentials"
USERNAME_ADMIN_SECRET_KEY = "username"
PASSWORD_ADMIN_SECRET_KEY = "password"
)

var OseCli4ImageURL = ImageRegistry + "/openshift4/ose-cli:" + highestOcpVersion(Ocp4Versions)
104 changes: 103 additions & 1 deletion pkg/controller/kieapp/defaults/defaults.go
@@ -5,6 +5,7 @@ package defaults
import (
"bytes"
"context"
"errors"
"fmt"
"os"
"strconv"
@@ -61,6 +62,23 @@ func GetEnvironment(cr *api.KieApp, service kubernetes.PlatformService) (api.Env
cr.Spec.Version = ""
}

// if the secret is the only credential present
if len(cr.Spec.CommonConfig.SecretAdminCredentials) > 0 || (len(cr.Spec.CommonConfig.AdminUser) == 0 && len(cr.Spec.CommonConfig.AdminPassword) == 0) {
errSecret, _, _ := checkAndCreateAdminSecret(service, cr)
if errSecret != nil {
log.Error("Can't create Admin Secret. ", errSecret)
}
}

//in case of missing secretAdmin we use the AdminUsername AdminPassword and if missing we set the defaults
if len(cr.Spec.CommonConfig.SecretAdminCredentials) == 0 && len(cr.Spec.CommonConfig.AdminPassword) == 0 {
password := constants.DefaultPassword
if !isTrial(cr) {
password = string(shared.GeneratePassword(8))
}
cr.Spec.CommonConfig.AdminPassword = password
}

envTemplate, err := getEnvTemplate(cr)
if err != nil {
return api.Environment{}, err
@@ -1200,7 +1218,6 @@ func getDefaultQueue(append bool, defaultJmsQueue string, jmsQueue string) strin
func setPasswords(spec *api.KieAppSpec, isTrialEnv bool) {
passwords := []*string{
&spec.CommonConfig.KeyStorePassword,
&spec.CommonConfig.AdminPassword,
&spec.CommonConfig.DBPassword,
&spec.CommonConfig.AMQPassword,
&spec.CommonConfig.AMQClusterPassword,
@@ -2119,3 +2136,88 @@ func getRouteHostname(obj interface{}) (host string) {
}
return host
}

func checkAndCreateAdminSecret(service kubernetes.PlatformService, cr *api.KieApp) (error, string, string) {
log.Infof("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ")
secretName := cr.Spec.CommonConfig.SecretAdminCredentials
namespace := cr.Namespace
environment := cr.Spec.Environment
/* The default secret will be like this
apiVersion: v1
kind: Secret
metadata:
name: kie-admin-credentials
type: Opaque
data:
//adminUser
username: YWRtaW4=
//RedHat
password: UmVkSGF0
*/

providedSecret, err := getSecret(service, namespace, secretName)

// The secret passed by the user doesn't exist we create one with default values, except for the trial env
if err != nil {
username := constants.DefaultAdminUser
password := constants.DefaultPassword
if !strings.HasSuffix(string(environment), constants.TrialEnvSuffix) {
password = string(shared.GeneratePassword(8))
}

err := createSecret(service, namespace, constants.KIE_ADMIN_CREDENTIALS_SECRET, username, password, cr)
if err != nil {
log.Error("Can't create Admin Secret. ", err)
return errors.New("Isn't possible to create a secret with default values"), "", ""
} else {
return nil, username, password
}
} else {
// the customer secret exists and we read the keys to see if is correct
username := providedSecret.StringData[constants.USERNAME_ADMIN_SECRET_KEY]
password := providedSecret.StringData[constants.PASSWORD_ADMIN_SECRET_KEY]
if len(username) > 0 && len(password) > 0 {
log.Info("Found " + secretName + " secret")
} else {
return errors.New("Found" + secretName + " but lack username or password "), "", ""
}
return nil, username, password
}
}

func createSecret(service kubernetes.PlatformService, namespace string, secretName string, username string, password string, cr *api.KieApp) error {
ownerRef := []metav1.OwnerReference{
{
APIVersion: cr.APIVersion,
Kind: cr.Kind,
Name: cr.Name,
UID: cr.ObjectMeta.GetUID(),
Controller: Pbool(true),
BlockOwnerDeletion: Pbool(true),
},
}
secret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
Namespace: namespace,
OwnerReferences: cr.GetOwnerReferences(),
},
Type: "Opaque",
StringData: map[string]string{
constants.USERNAME_ADMIN_SECRET_KEY: username,
constants.PASSWORD_ADMIN_SECRET_KEY: password,
},
}
secret.SetOwnerReferences(ownerRef)
err := service.Create(context.TODO(), &secret)
return err
}

func getSecret(service kubernetes.PlatformService, namespace string, secretName string) (corev1.Secret, error) {
found := corev1.Secret{}
err := service.Get(context.TODO(), types.NamespacedName{
Name: secretName,
Namespace: namespace,
}, &found)
return found, err
}
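Review bot: In checkAndCreateAdminSecret the existing-secret branch reads `providedSecret.StringData[...]`, but StringData is a write-only field that is not populated when a Secret is read back from the API, so (assuming service.Get reads from the API server) a user-supplied secret will always end in the "lack username or password" error; read `string(providedSecret.Data[constants.USERNAME_ADMIN_SECRET_KEY])` and the matching password key instead. The `if err != nil` branch also treats every Get failure as "secret does not exist", so a mistyped name, an RBAC denial or a transient API error silently creates `kie-admin-credentials` with the default user and, in trial environments, the constant default password; it should create the fallback only when the apimachinery `IsNotFound` check on the error is true and return the error otherwise. In the GetEnvironment hunk the returned credentials are dropped (`errSecret, _, _ :=`) and the error is only logged, while the following block generates a separate AdminPassword whenever no secret name is set, so the created secret and the CR can hold different passwords. The first statement of the function, a `log.Infof` of a run of "A" characters, looks like leftover debugging, and the `(error, string, string)` return order should put the error last.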