generate password feature for kratos admin creation

internal/provider/kratos/kratos.go

@@ -12,7 +12,7 @@ type kratosAuthProvider struct {
 }
 type AuthProvider interface {
 	// create new user
-	Create(context.Context, map[string]interface{}) (string, error) // returns id,error
+	Create(context.Context, string, map[string]interface{}) (string, error) // returns id,error
 	// update user
 	Update(context.Context, string, map[string]interface{}) error
 	// get recovery link for user
@@ -25,8 +25,13 @@ func NewKratosAuthProvider(kc *kclient.APIClient) AuthProvider {
 	return &kratosAuthProvider{kc: kc}
 }
 
-func (k *kratosAuthProvider) Create(ctx context.Context, traits map[string]interface{}) (string, error) {
+func (k *kratosAuthProvider) Create(ctx context.Context, password string, traits map[string]interface{}) (string, error) {
 	cib := kclient.NewAdminCreateIdentityBody("default", traits)
+	cib.Credentials.SetPassword(kclient.AdminCreateIdentityImportCredentialsPassword{
+		Config: &kclient.AdminCreateIdentityImportCredentialsPasswordConfig{
+			Password: kclient.PtrString(password),
+		},
+	})
 	ir, hr, err := k.kc.V0alpha2Api.AdminCreateIdentity(ctx).AdminCreateIdentityBody(*cib).Execute()
 	if err != nil {
 		fmt.Println(hr)

pkg/service/mocks.go

@@ -18,7 +18,7 @@ type mockAuthProvider struct {
 	d []string
 }
 
-func (m *mockAuthProvider) Create(ctx context.Context, traits map[string]interface{}) (string, error) {
+func (m *mockAuthProvider) Create(ctx context.Context, pass string, traits map[string]interface{}) (string, error) {
 	m.c = append(m.c, traits)
 	return strings.Split(traits["email"].(string), "user-")[1], nil
 }

pkg/service/user.go

@@ -416,7 +416,7 @@ func (s *userService) Create(ctx context.Context, user *userv3.User) (*userv3.Us
 	user.Spec.IdpGroups = []string{}
 
 	// Kratos checks if the user is already available
-	id, err := s.ap.Create(ctx, map[string]interface{}{
+	id, err := s.ap.Create(ctx, user.GetSpec().GetPassword(), map[string]interface{}{
 		"email":      user.GetMetadata().GetName(), // can be just username for API access
 		"first_name": user.GetSpec().GetFirstName(),
 		"last_name":  user.GetSpec().GetLastName(),
@@ -451,13 +451,6 @@ func (s *userService) Create(ctx context.Context, user *userv3.User) (*userv3.Us
 		return &userv3.User{}, err
 	}
 
-	rl, err := s.ap.GetRecoveryLink(ctx, id)
-	if err != nil {
-		_log.Warn("unable to generate recovery url", err)
-		return &userv3.User{}, err
-	}
-	user.Spec.RecoveryUrl = &rl
-
 	CreateUserAuditEvent(ctx, s.al, s.db, AuditActionCreate, user.GetMetadata().GetName(), uid, []uuid.UUID{}, rolesAfter, []uuid.UUID{}, groupsAfter)
 	return user, nil
 }

pkg/service/user_test.go

@@ -84,7 +84,7 @@ func TestCreateUser(t *testing.T) {
 	if user.GetMetadata().GetName() != "user-"+uuuid {
 		t.Errorf("expected name 'user-%v'; got '%v'", uuuid, user.GetMetadata().GetName())
 	}
-	performBasicAuthProviderChecks(t, *ap, 1, 0, 1, 0)
+	performBasicAuthProviderChecks(t, *ap, 1, 0, 0, 0)
 }
 
 func TestCreateUserWithRole(t *testing.T) {
@@ -159,7 +159,7 @@ func TestCreateUserWithRole(t *testing.T) {
 				t.Errorf("expected name 'user-%v'; got '%v'", uuuid, user.GetMetadata().GetName())
 			}
 
-			performBasicAuthProviderChecks(t, *ap, 1, 0, 1, 0)
+			performBasicAuthProviderChecks(t, *ap, 1, 0, 0, 0)
 		})
 	}
 }

pkg/utils/utils.go

@@ -1,6 +1,11 @@
 package utils
 
-import "github.com/google/uuid"
+import (
+	"math/rand"
+	"time"
+
+	"github.com/google/uuid"
+)
 
 func Unique(items []string) []string {
 	keys := make(map[string]bool)
@@ -81,3 +86,22 @@ func DiffU(before, after []uuid.UUID) ([]uuid.UUID, []uuid.UUID, []uuid.UUID) {
 	}
 	return cu, uu, du
 }
+
+func GetRandomPassword(length int) string {
+	rand.Seed(time.Now().UnixNano())
+	digits := "0123456789"
+	specials := "~=+%^*/()[]{}/!@#$?|"
+	all := "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
+		"abcdefghijklmnopqrstuvwxyz" +
+		digits + specials
+	buf := make([]byte, length)
+	buf[0] = digits[rand.Intn(len(digits))]
+	buf[1] = specials[rand.Intn(len(specials))]
+	for i := 2; i < length; i++ {
+		buf[i] = all[rand.Intn(len(all))]
+	}
+	rand.Shuffle(len(buf), func(i, j int) {
+		buf[i], buf[j] = buf[j], buf[i]
+	})
+	return string(buf)
+}

scripts/initialize/main.go

@@ -20,6 +20,7 @@ import (
 	"github.com/paralus/paralus/pkg/common"
 	"github.com/paralus/paralus/pkg/enforcer"
 	"github.com/paralus/paralus/pkg/service"
+	"github.com/paralus/paralus/pkg/utils"
 	commonv3 "github.com/paralus/paralus/proto/types/commonpb/v3"
 	rolev3 "github.com/paralus/paralus/proto/types/rolepb/v3"
 	systemv3 "github.com/paralus/paralus/proto/types/systempb/v3"
@@ -299,11 +300,12 @@ func main() {
 retry:
 	numOfRetries := 0
 	// should we directly interact with kratos and create a user with a password?
-	orgA, err := us.Create(context.Background(), &userv3.User{
+	_, err = us.Create(context.Background(), &userv3.User{
 		Metadata: &commonv3.Metadata{Name: *oae, Partner: *partner, Organization: *org},
 		Spec: &userv3.UserSpec{
 			FirstName:             *oafn,
 			LastName:              *oaln,
+			Password:              utils.GetRandomPassword(8),
 			Groups:                []string{admingrp.Metadata.Name, localUsersGrp.Metadata.Name},
 			ProjectNamespaceRoles: []*userv3.ProjectNamespaceRole{{Role: "ADMIN", Group: &admingrp.Metadata.Name}}},
 	})
@@ -318,6 +320,4 @@ retry:
 		time.Sleep(10 * time.Second)
 		goto retry
 	}
-
-	fmt.Println("Org Admin signup URL: ", *orgA.Spec.RecoveryUrl)
 }