Merge pull request #25 from RedHatGov/develop

admin account creation
RedHatGov · Nov 5, 2020 · d375f2e · d375f2e
2 parents 89457f2 + 2972f35
commit d375f2e
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 1 deletion.
diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml
@@ -8,6 +8,7 @@ rules:
   - ""
   resources:
   - pods
+  - pods/exec
   - services
   - services/finalizers
   - endpoints

diff --git a/config/rbac/namespaced/role.yaml b/config/rbac/namespaced/role.yaml
@@ -8,6 +8,7 @@ rules:
   - ""
   resources:
   - pods
+  - pods/exec
   - services
   - services/finalizers
   - endpoints

diff --git a/hack/operate.conf b/hack/operate.conf
@@ -1,5 +1,5 @@
 IMG=quay.io/redhatgov/gitea-operator
 KIND=Gitea
 CR_SAMPLE=redhatgov_v1alpha1_gitea_openshift.yaml
-VERSION=0.0.3
+VERSION=0.0.4
 CHANNELS=alpha
diff --git a/roles/gitea-ocp/defaults/main.yml b/roles/gitea-ocp/defaults/main.yml
@@ -3,6 +3,9 @@ _gitea_state: present
 _gitea_namespace: gitea
 _gitea_name: gitea
 
+_gitea_admin_user: administrator
+_gitea_admin_email: [email protected]
+
 _gitea_postgresql_service_name: postgresql
 _gitea_postgresql_database_name: giteadb
 _gitea_postgresql_user: giteauser

diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml
@@ -78,3 +78,38 @@
   retries: 50
   delay: 10
   ignore_errors: yes
+
+- name: Get Gitea pod info
+  k8s_info:
+    api_version: v1
+    kind: Pod
+    namespace: '{{ _gitea_namespace }}'
+    label_selectors:
+      - "app={{ _gitea_name }}"
+  register: gitea_pod
+
+- set_fact:
+    gitea_pod_name: '{{ gitea_pod.resources[0].metadata.name }}'
+
+- name: Check for administrator credential secret
+  k8s_info:
+    namespace: "{{ _gitea_namespace }}"
+    kind: Secret
+    name: "{{ _gitea_name }}-admin-credentials"
+  register: gitea_admin_credentials
+
+- name: Generate administrator password
+  block:
+    - set_fact:
+        gitea_admin_password: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
+
+    - name: Create gitea-admin-credentials Secret
+      k8s:
+        definition: "{{ lookup('template', 'secret.yml.j2') | from_yaml }}"
+
+    - name: Create Gitea admin user
+      community.kubernetes.k8s_exec:
+        namespace: "{{ _gitea_namespace }}"
+        pod: '{{ gitea_pod_name }}'
+        command: /home/gitea/gitea --config=/home/gitea/conf/app.ini admin create-user --username '{{ _gitea_admin_user }}' --password '{{ gitea_admin_password }}' --admin --email '{{ _gitea_admin_email }}' --access-token --must-change-password=false
+  when: not gitea_admin_credentials.resources
diff --git a/roles/gitea-ocp/templates/secret.yml.j2 b/roles/gitea-ocp/templates/secret.yml.j2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: "{{ _gitea_name }}-admin-credentials"
+    namespace: "{{ _gitea_namespace }}"
+data:
+    username: "{{ 'administrator' | b64encode }}"
+    password: "{{ gitea_admin_password | b64encode }}"