Updating hardcoded admin password

roles/gitea-ocp/defaults/main.yml

@@ -4,7 +4,6 @@ _gitea_namespace: gitea
 _gitea_name: gitea
 
 _gitea_admin_user: administrator
-_gitea_admin_password: openshift
 _gitea_admin_email: [email protected]
 
 _gitea_postgresql_service_name: postgresql

roles/gitea-ocp/tasks/main.yml

@@ -91,8 +91,25 @@
 - set_fact:
     gitea_pod_name: '{{ gitea_pod.resources[0].metadata.name }}'
 
-- name: Create Gitea admin user
-  community.kubernetes.k8s_exec:
+- name: Check for administrator credential secret
+  k8s_info:
     namespace: "{{ _gitea_namespace }}"
-    pod: '{{ gitea_pod_name }}'
-    command: /home/gitea/gitea --config=/home/gitea/conf/app.ini admin create-user --username '{{ _gitea_admin_user }}' --password '{{ _gitea_admin_password }}' --admin --email '{{ _gitea_admin_email }}' --access-token --must-change-password=false
+    kind: Secret
+    name: "{{ _gitea_name }}-admin-credentials"
+  register: gitea_admin_credentials
+
+- name: Generate administrator password
+  block:
+    - set_fact:
+        gitea_admin_password: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
+
+    - name: Create gitea-admin-credentials Secret
+      k8s:
+        definition: "{{ lookup('template', 'secret.yml.j2') | from_yaml }}"
+
+    - name: Create Gitea admin user
+      community.kubernetes.k8s_exec:
+        namespace: "{{ _gitea_namespace }}"
+        pod: '{{ gitea_pod_name }}'
+        command: /home/gitea/gitea --config=/home/gitea/conf/app.ini admin create-user --username '{{ _gitea_admin_user }}' --password '{{ gitea_admin_password }}' --admin --email '{{ _gitea_admin_email }}' --access-token --must-change-password=false
+  when: not gitea_admin_credentials.resources

roles/gitea-ocp/templates/secret.yml.j2

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: "{{ _gitea_name }}-admin-credentials"
+    namespace: "{{ _gitea_namespace }}"
+data:
+    username: "{{ 'administrator' | b64encode }}"
+    password: "{{ gitea_admin_password | b64encode }}"