diff --git a/Cargo.lock b/Cargo.lock
index c8cd3ee..20d59a1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1274,6 +1274,7 @@ dependencies = [
 "libiam",
 "rand",
 "tokio",
+ "url",
 ]
 [[package]]
@@ -1313,9 +1314,9 @@ dependencies = [
 [[package]]
 name = "idna"
-version = "0.3.0"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6"
+checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6"
 dependencies = [
 "unicode-bidi",
 "unicode-normalization",
@@ -3162,9 +3163,9 @@ checksum = "ed646292ffc8188ef8ea4d1e0e0150fb15a5c2e12ad9b8fc191ae7a8a7f3c4b9"
 [[package]]
 name = "unicode-bidi"
-version = "0.3.8"
+version = "0.3.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "099b7128301d285f79ddd55b9a83d5e6b9e97c92e0ea0daebee7263e932de992"
+checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75"
 [[package]]
 name = "unicode-ident"
@@ -3219,12 +3220,12 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
 [[package]]
 name = "url"
-version = "2.3.1"
+version = "2.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0d68c799ae75762b8c3fe375feb6600ef5602c883c5d21eb51c09f22b83c4643"
+checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c"
 dependencies = [
 "form_urlencoded",
- "idna 0.3.0",
+ "idna 0.5.0",
 "percent-encoding",
 ]
diff --git a/iam-setup/Cargo.toml b/iam-setup/Cargo.toml
index 8cb78af..af64006 100644
--- a/iam-setup/Cargo.toml
+++ b/iam-setup/Cargo.toml
@@ -11,3 +11,4 @@ kube = "0.92.1"
 libiam = { version = "0.1.0", path = "../libiam" }
 rand = "0.8.5"
 tokio = { version = "1.38.0", features = ["rt", "macros"] }
+url = "2.5.2"
diff --git a/iam-setup/src/main.rs b/iam-setup/src/main.rs
index b3989fd..22b709f 100644
--- a/iam-setup/src/main.rs
+++ b/iam-setup/src/main.rs
@@ -14,15 +14,16 @@ use rand::{
 distributions::{Alphanumeric, DistString},
 rngs::OsRng,
 };
+use url::Url;
-async fn generate_mysql_password(client: Client) -> anyhow::Result<()> {
- const SECRET_NAME: &str = "mysql";
- const SECRET_KEY: &str = "MYSQL_ROOT_PASSWORD";
+const MYSQL_SECRET_NAME: &str = "mysql";
+const MYSQL_SECRET_KEY: &str = "MYSQL_ROOT_PASSWORD";
+async fn generate_mysql_password(client: Client) -> anyhow::Result<()> {
 let secrets: Api = Api::default_namespaced(client);
 if secrets
- .get_opt(SECRET_NAME)
+ .get_opt(MYSQL_SECRET_NAME)
 .await
 .context("Failed to query secret")?
 .is_some()
@@ -38,12 +39,12 @@ async fn generate_mysql_password(client: Client) -> anyhow::Result<()> {
 &PostParams::default(),
 &Secret {
 metadata: ObjectMeta {
- name: Some(SECRET_NAME.to_owned()),
+ name: Some(MYSQL_SECRET_NAME.to_owned()),
 ..Default::default()
 },
 string_data: Some({
 let mut map = BTreeMap::new();
- map.insert(SECRET_KEY.to_owned(), mysql_password);
+ map.insert(MYSQL_SECRET_KEY.to_owned(), mysql_password);
 map
 }),
 ..Default::default()
@@ -74,8 +75,33 @@ async fn create_admin_user(client: Client) -> anyhow::Result<()> {
 let iam_url = env::var("IAM_URL").context("IAM_URL is not set")?;
 let database_url = env::var("DATABASE_URL").context("DATABASE_URL is not set")?;
+ let database_password = {
+ let secret = secrets
+ .get_opt(MYSQL_SECRET_NAME)
+ .await
+ .context("Failed to query secret")?
+ .context("No mysql secret")?
+ .data
+ .unwrap();
+
+ String::from_utf8(
+ secret
+ .get(MYSQL_SECRET_KEY)
+ .context("No mysql password")?
+ .0
+ .clone(),
+ )
+ .context("Not utf8 from kube rs")?
+ };
+
+ let database_url = {
+ let mut url = Url::parse(&database_url).context("invalid url")?;
+ url.set_password(Some(&database_password)).unwrap();
+ url
+ };
+
 let iam = Iam::new(&iam_url);
- let db = testing::Database::connect(&database_url).await;
+ let db = testing::Database::connect(database_url.as_str()).await;
 let admin_password = Alphanumeric.sample_string(&mut OsRng, 64);
 let user = User::register(&iam, "admin", ADMIN_EMAIL, &admin_password).await?;
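Review bot: The two `unwrap()` calls added in `create_admin_user` turn recoverable conditions into panics in a function that otherwise reports failures through `anyhow`: `.data.unwrap()` aborts when the Secret exists but has no `data` map, and `url.set_password(...).unwrap()` aborts when `DATABASE_URL` is a form that cannot carry credentials (no host, or cannot-be-a-base). I would write `.data.context("mysql secret has no data")?` and `url.set_password(Some(&database_password)).map_err(|()| anyhow::anyhow!("DATABASE_URL cannot carry a password"))?`. Also, after `set_password` the `database_url` value carries the MySQL root password, and `Url`'s `Display` and `Debug` output both include it, so it should stay out of log lines and error contexts; whether `testing::Database::connect` echoes its argument on failure is not visible here. The function starts and ends outside the hunk, and `secrets` is presumably bound there.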