diff --git a/internal/provider/kratos/kratos.go b/internal/provider/kratos/kratos.go
index 4366042..b4bfab4 100644
--- a/internal/provider/kratos/kratos.go
+++ b/internal/provider/kratos/kratos.go
@@ -12,7 +12,7 @@ type kratosAuthProvider struct {
 }
 type AuthProvider interface {
 	// create new user
-	Create(context.Context, map[string]interface{}) (string, error) // returns id,error
+	Create(context.Context, string, map[string]interface{}) (string, error) // returns id,error
 	// update user
 	Update(context.Context, string, map[string]interface{}) error
 	// get recovery link for user
@@ -25,8 +25,13 @@ func NewKratosAuthProvider(kc *kclient.APIClient) AuthProvider {
 	return &kratosAuthProvider{kc: kc}
 }
 
-func (k *kratosAuthProvider) Create(ctx context.Context, traits map[string]interface{}) (string, error) {
+func (k *kratosAuthProvider) Create(ctx context.Context, password string, traits map[string]interface{}) (string, error) {
 	cib := kclient.NewAdminCreateIdentityBody("default", traits)
+	cib.Credentials.SetPassword(kclient.AdminCreateIdentityImportCredentialsPassword{
+		Config: &kclient.AdminCreateIdentityImportCredentialsPasswordConfig{
+			Password: kclient.PtrString(password),
+		},
+	})
 	ir, hr, err := k.kc.V0alpha2Api.AdminCreateIdentity(ctx).AdminCreateIdentityBody(*cib).Execute()
 	if err != nil {
 		fmt.Println(hr)
diff --git a/pkg/service/mocks.go b/pkg/service/mocks.go
index e1124cb..5f6ad8a 100644
--- a/pkg/service/mocks.go
+++ b/pkg/service/mocks.go
@@ -18,7 +18,7 @@ type mockAuthProvider struct {
 	d []string
 }
 
-func (m *mockAuthProvider) Create(ctx context.Context, traits map[string]interface{}) (string, error) {
+func (m *mockAuthProvider) Create(ctx context.Context, pass string, traits map[string]interface{}) (string, error) {
 	m.c = append(m.c, traits)
 	return strings.Split(traits["email"].(string), "user-")[1], nil
 }
diff --git a/pkg/service/user.go b/pkg/service/user.go
index 0c65c91..29f82c4 100644
--- a/pkg/service/user.go
+++ b/pkg/service/user.go
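Review bot: The new `string` parameter in the `AuthProvider.Create` signature is unnamed and the `// create new user` comment does not say what it carries, so a reader of the interface alone cannot tell that a plaintext password is now part of the contract. Naming it in the interface, `Create(ctx context.Context, password string, traits map[string]interface{}) (string, error)`, or extending the comment to `// create new user with the given plaintext password and identity traits; returns id,error`, documents that every implementation now receives a credential.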
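Review bot: `SetPassword` is called unconditionally, so a caller that passes an empty `password` imports an identity with an empty-string credential, and only Kratos' own password policy (if configured) stands between that and a usable login. If every identity is now expected to carry a password, reject the empty case up front, `if password == "" { return "", fmt.Errorf("creating identity: password must not be empty") }`; if password-less onboarding via recovery link is still intended for some callers, guard the import instead with `if password != "" { ... }`. The body of `Create` continues past the end of this hunk.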
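Review bot: The mock accepts `pass` but discards it, so the service tests adjusted in this diff (the two `performBasicAuthProviderChecks` hunks in `pkg/service/user_test.go`) cannot assert that `user.Spec.Password` actually reaches the provider. Recording it alongside the traits, e.g. a `p []string` field on `mockAuthProvider` and `m.p = append(m.p, pass)` in this method, would let the tests pin the new pass-through behaviour.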
@@ -416,7 +416,7 @@ func (s *userService) Create(ctx context.Context, user *userv3.User) (*userv3.Us
 	user.Spec.IdpGroups = []string{}
 
 	// Kratos checks if the user is already available
-	id, err := s.ap.Create(ctx, map[string]interface{}{
+	id, err := s.ap.Create(ctx, user.GetSpec().GetPassword(), map[string]interface{}{
 		"email": user.GetMetadata().GetName(), // can be just username for API access
 		"first_name": user.GetSpec().GetFirstName(),
 		"last_name": user.GetSpec().GetLastName(),
@@ -451,13 +451,6 @@ func (s *userService) Create(ctx context.Context, user *userv3.User) (*userv3.Us
 		return &userv3.User{}, err
 	}
 
-	rl, err := s.ap.GetRecoveryLink(ctx, id)
-	if err != nil {
-		_log.Warn("unable to generate recovery url", err)
-		return &userv3.User{}, err
-	}
-	user.Spec.RecoveryUrl = &rl
-
 	CreateUserAuditEvent(ctx, s.al, s.db, AuditActionCreate, user.GetMetadata().GetName(), uid, []uuid.UUID{}, rolesAfter, []uuid.UUID{}, groupsAfter)
 	return user, nil
 }
diff --git a/pkg/service/user_test.go b/pkg/service/user_test.go
index f518afb..638bb82 100644
--- a/pkg/service/user_test.go
+++ b/pkg/service/user_test.go
@@ -84,7 +84,7 @@ func TestCreateUser(t *testing.T) {
 	if user.GetMetadata().GetName() != "user-"+uuuid {
 		t.Errorf("expected name 'user-%v'; got '%v'", uuuid, user.GetMetadata().GetName())
 	}
-	performBasicAuthProviderChecks(t, *ap, 1, 0, 1, 0)
+	performBasicAuthProviderChecks(t, *ap, 1, 0, 0, 0)
 }
 
 func TestCreateUserWithRole(t *testing.T) {
@@ -159,7 +159,7 @@ func TestCreateUserWithRole(t *testing.T) {
 			t.Errorf("expected name 'user-%v'; got '%v'", uuuid, user.GetMetadata().GetName())
 		}
 
-		performBasicAuthProviderChecks(t, *ap, 1, 0, 1, 0)
+		performBasicAuthProviderChecks(t, *ap, 1, 0, 0, 0)
 	})
 }
 }
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 787622b..2ae007f 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
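Review bot: `user.GetSpec().GetPassword()` is forwarded to the provider without checking that it was set, and in this diff only the initialize script populates `Spec.Password`; every other caller of `userService.Create` now hands Kratos an empty password. Combined with the removal of the recovery-link step in the next hunk of this file, such a user appears to have no way to sign in unless a reset flow exists elsewhere, which I cannot see from here. Either validate before the call, `if user.GetSpec().GetPassword() == "" { return &userv3.User{}, fmt.Errorf("password is required") }` (using whichever error helper the file already imports), or keep the recovery-link path for the password-less case. The enclosing function starts before and ends after this hunk.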
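Review bot: `return user, nil` hands back the caller's object with `Spec.Password` still populated, so if this `*userv3.User` is serialized into the API response the plaintext password is echoed back to the client (and to any proxy or access log that captures bodies). Clearing it once the provider has consumed it, `user.Spec.Password = ""` just before `CreateUserAuditEvent`, keeps the credential write-only at this boundary; the audit call itself only receives the user name, so it is not affected. The enclosing function starts before this hunk.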
@@ -1,6 +1,11 @@
 package utils
 
-import "github.com/google/uuid"
+import (
+	"math/rand"
+	"time"
+
+	"github.com/google/uuid"
+)
 
 func Unique(items []string) []string {
 	keys := make(map[string]bool)
@@ -81,3 +86,22 @@ func DiffU(before, after []uuid.UUID) ([]uuid.UUID, []uuid.UUID, []uuid.UUID) {
 	}
 	return cu, uu, du
 }
+
+func GetRandomPassword(length int) string {
+	rand.Seed(time.Now().UnixNano())
+	digits := "0123456789"
+	specials := "~=+%^*/()[]{}/!@#$?|"
+	all := "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
+		"abcdefghijklmnopqrstuvwxyz" +
+		digits + specials
+	buf := make([]byte, length)
+	buf[0] = digits[rand.Intn(len(digits))]
+	buf[1] = specials[rand.Intn(len(specials))]
+	for i := 2; i < length; i++ {
+		buf[i] = all[rand.Intn(len(all))]
+	}
+	rand.Shuffle(len(buf), func(i, j int) {
+		buf[i], buf[j] = buf[j], buf[i]
+	})
+	return string(buf)
+}
diff --git a/scripts/initialize/main.go b/scripts/initialize/main.go
index 873c389..805441d 100644
--- a/scripts/initialize/main.go
+++ b/scripts/initialize/main.go
@@ -20,6 +20,7 @@ import (
 	"github.com/paralus/paralus/pkg/common"
 	"github.com/paralus/paralus/pkg/enforcer"
 	"github.com/paralus/paralus/pkg/service"
+	"github.com/paralus/paralus/pkg/utils"
 	commonv3 "github.com/paralus/paralus/proto/types/commonpb/v3"
 	rolev3 "github.com/paralus/paralus/proto/types/rolepb/v3"
 	systemv3 "github.com/paralus/paralus/proto/types/systempb/v3"
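Review bot: `GetRandomPassword` draws every character from `math/rand` seeded with `time.Now().UnixNano()`, which is a deterministic PRNG keyed on the wall clock and is not suitable for generating a credential; `rand.Seed` is also deprecated since Go 1.20 and reseeds the shared global source on every call. The function additionally panics for `length < 2` (index out of range on `buf[1]`) and for negative lengths (`make`). The rewrite below switches to `crypto/rand` via a small `secureIntn` helper, does the shuffle with the same source, and clamps the length to the two characters it always emits; it needs the `"math/rand"` and `"time"` lines added in the first hunk of this file replaced by `"crypto/rand"` and `"math/big"`.

```go
func GetRandomPassword(length int) string {
	digits := "0123456789"
	specials := "~=+%^*/()[]{}/!@#$?|"
	all := "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
		"abcdefghijklmnopqrstuvwxyz" +
		digits + specials
	// One digit and one special are always emitted, so anything shorter
	// than 2 would index out of range below.
	if length < 2 {
		length = 2
	}
	buf := make([]byte, length)
	buf[0] = digits[secureIntn(len(digits))]
	buf[1] = specials[secureIntn(len(specials))]
	for i := 2; i < length; i++ {
		buf[i] = all[secureIntn(len(all))]
	}
	// Fisher-Yates with the CSPRNG so the digit/special positions are not predictable.
	for i := len(buf) - 1; i > 0; i-- {
		j := secureIntn(i + 1)
		buf[i], buf[j] = buf[j], buf[i]
	}
	return string(buf)
}

// secureIntn returns a uniformly distributed int in [0, n) drawn from crypto/rand.
func secureIntn(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		// crypto/rand failing means the OS entropy source is unavailable;
		// there is no safe fallback when generating a credential.
		panic(err)
	}
	return int(v.Int64())
}
```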
@@ -299,11 +300,12 @@ func main() {
 retry:
 	numOfRetries := 0
 	// should we directly interact with kratos and create a user with a password?
-	orgA, err := us.Create(context.Background(), &userv3.User{
+	_, err = us.Create(context.Background(), &userv3.User{
 		Metadata: &commonv3.Metadata{Name: *oae, Partner: *partner, Organization: *org},
 		Spec: &userv3.UserSpec{
 			FirstName: *oafn,
 			LastName: *oaln,
+			Password: utils.GetRandomPassword(8),
 			Groups: []string{admingrp.Metadata.Name, localUsersGrp.Metadata.Name},
 			ProjectNamespaceRoles: []*userv3.ProjectNamespaceRole{{Role: "ADMIN", Group: &admingrp.Metadata.Name}}},
 	})
@@ -318,6 +320,4 @@ retry:
 		time.Sleep(10 * time.Second)
 		goto retry
 	}
-
-	fmt.Println("Org Admin signup URL: ", *orgA.Spec.RecoveryUrl)
 }
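Review bot: `Password: utils.GetRandomPassword(8)` creates the bootstrap org admin with a credential that is never surfaced: the created user is discarded (`_, err =`) and the final hunk of this file removes the only output the script had (`fmt.Println("Org Admin signup URL: ", ...)`), so after initialization the password exists only inside Kratos. Presumably the intent is that the admin uses a Kratos recovery or reset flow outside this script; if so, a comment saying that here would help, and the `// should we directly interact with kratos ...` comment above it is now stale and should be updated or dropped. Eight characters is also short for an administrator account that is created once and never rotated by this code; since `GetRandomPassword` takes any length, a larger value (16 or more) costs nothing. The enclosing `main` starts before and ends after this hunk.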