#1898: cluster setup: Harbor SSO login isn't working

nforgeio · Apr 29, 2024 · 2feeb0b · 2feeb0b
1 parent fc81882
commit 2feeb0b
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 11 deletions.
diff --git a/Lib/Neon.Kube.Setup/KubeSetup.Operations.cs b/Lib/Neon.Kube.Setup/KubeSetup.Operations.cs
@@ -5002,12 +5002,6 @@ await NeonHelper.WaitAllAsync(tasks,
             await controlNode.InvokeIdempotentAsync("setup/harbor-login",
                 async () =>
                 {
-                    // $todo(jefflill): This is failing!
-                    //
-                    //      https://github.com/nforgeio/neonKUBE/issues/1898
-
-                    await Task.CompletedTask;
-#if TODO
                     var user     = await KubeHelper.GetClusterLdapUserAsync(k8s, KubeConst.SysAdminUser);
                     var password = user.Password;
                     var command  = $"echo '{password}' | podman login registry.neon.local --username {user.Name} --password-stdin";
@@ -5027,7 +5021,6 @@ await controlNode.InvokeIdempotentAsync("setup/harbor-login",
                             },
                             cancellationToken: controller.CancellationToken);
                     }
-#endif
                 });
 
             controller.ThrowIfCancelled();

diff --git a/Lib/Neon.Kube.Setup/KubeSetup.PrepareCluster.cs b/Lib/Neon.Kube.Setup/KubeSetup.PrepareCluster.cs
@@ -365,13 +365,28 @@ public static async Task<ISetupController> CreateClusterPrepareControllerAsync(
                         }
                     }
 
-                    // We also need to generate the cluster's root SSO password, unless this was specified
+                    // We also need to generate the cluster's [sysadmin] SSO password, unless this was specified
                     // in the cluster definition (typically for NEONDESKTOP clusters).
 
                     controller.SetGlobalStepStatus("generate: SSO password");
 
                     setupState.SsoUsername = KubeConst.SysAdminUser;
-                    setupState.SsoPassword = clusterDefinition.SsoPassword ?? NeonHelper.GetCryptoRandomPassword(clusterDefinition.Security.PasswordLength);
+
+                    if (clusterDefinition.SsoPassword != null)
+                    {
+                        setupState.SsoPassword = clusterDefinition.SsoPassword;
+                    }
+                    else
+                    {
+                        if (options.Insecure)
+                        {
+                            setupState.SsoPassword = KubeConst.SysAdminInsecurePassword;
+                        }
+                        else
+                        {
+                            setupState.SsoPassword = NeonHelper.GetCryptoRandomPassword(clusterDefinition.Security.PasswordLength);
+                        }
+                    }
 
                     setupState.Save();
                 });

diff --git a/Lib/Neon.Kube.Setup/KubeSetup.cs b/Lib/Neon.Kube.Setup/KubeSetup.cs
@@ -194,7 +194,7 @@ public static ClusterDefinition GetDesktopClusterDefinition(HostingEnvironment h
                         clusterDefinition.Hosting.Hypervisor.VCpus = 3;
                     }
 
-                    // Use the insecure password for NeonDESKTOP clusters.
+                    // Use the insecure SSO password for NeonDESKTOP clusters.
 
                     clusterDefinition.SsoPassword = KubeConst.SysAdminInsecurePassword;
 

diff --git a/Lib/Neon.Kube.Setup/Resources/Helm/glauth/templates/users.yaml b/Lib/Neon.Kube.Setup/Resources/Helm/glauth/templates/users.yaml
@@ -75,7 +75,7 @@ stringData:
   users.cfg: |
     #################
     # The users section contains a hardcoded list of valid users.
-    #   to create a passSHA256:   echo -n "mysecret" | openssl dgst -sha256
+    # to create a passSHA256:   echo -n "mysecret" | openssl dgst -sha256
 
     # This user record shows all of the possible fields available
     [[users]]