Re-creating too the inital admin secret for argocd. cnoe-io#441

Signed-off-by: cmoulliard <[email protected]>
ch007m · Nov 8, 2024 · ee9dc06 · ee9dc06
1 parent 704bc78
commit ee9dc06
Showing 1 changed file with 40 additions and 16 deletions.
diff --git a/pkg/controllers/localbuild/argo.go b/pkg/controllers/localbuild/argo.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"golang.org/x/crypto/bcrypt"
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
@@ -23,7 +24,11 @@ import (
 var installArgoFS embed.FS
 
 const (
-	argocdDevModePassword = "developer"
+	argocdDevModePassword         = "developer"
+	argocdAdminSecretName         = "argocd-secret"
+	argocdInitialAdminSecretName  = "argocd-initial-admin-secret"
+	argocdInitialAdminPasswordKey = "argocd-initial-admin-secret"
+	argocdNamespace               = "argocd"
 )
 
 func RawArgocdInstallResources(templateData any, config v1alpha1.PackageCustomization, scheme *runtime.Scheme) ([][]byte, error) {
@@ -68,25 +73,13 @@ func (r *LocalbuildReconciler) ReconcileArgo(ctx context.Context, req ctrl.Reque
 
 	// Let's patch the existing argocd admin secret if devmode is enabled to set the default password
 	if r.Config.DevMode {
-		kubeClient, err := k8s.GetKubeClient()
-		if err != nil {
-			return ctrl.Result{}, fmt.Errorf("getting kube client: %w", err)
-		}
-
-		s := v1.Secret{}
-		err = kubeClient.Get(ctx, client.ObjectKey{Name: "argocd-secret", Namespace: "argocd"}, &s)
-		if err != nil {
-			return ctrl.Result{}, fmt.Errorf("getting argocd secret: %w", err)
-		}
-
 		// Hash password using bcrypt
 		password := argocdDevModePassword
 		hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 0)
 		if err != nil {
 			return ctrl.Result{}, fmt.Errorf("Error hashing password: %w", err)
 		}
-		// Get the current date in the desired format
-		passwordMtime := time.Now().Format("2006-01-02T15:04:05Z")
+		passwordMtime := time.Now().Format(time.RFC3339)
 
 		// Prepare the patch for the Secret's `stringData` field
 		patchData := map[string]interface{}{
@@ -101,13 +94,44 @@ func (r *LocalbuildReconciler) ReconcileArgo(ctx context.Context, req ctrl.Reque
 			return ctrl.Result{}, fmt.Errorf("Error marshalling patch data:", err)
 		}
 
+		kubeClient, err := k8s.GetKubeClient()
+		if err != nil {
+			return ctrl.Result{}, fmt.Errorf("getting kube client: %w", err)
+		}
+
+		// Getting the argocd-secret
+		s := v1.Secret{}
+		err = kubeClient.Get(ctx, client.ObjectKey{Name: argocdAdminSecretName, Namespace: argocdNamespace}, &s)
+		if err != nil {
+			return ctrl.Result{}, fmt.Errorf("getting argocd secret: %w", err)
+		}
+
 		// Patching the argocd-secret with the hashed password
 		err = kubeClient.Patch(ctx, &s, client.RawPatch(types.StrategicMergePatchType, patchBytes))
 		if err != nil {
 			return ctrl.Result{}, fmt.Errorf("Error patching the Secret:", err)
-		} else {
-			return ctrl.Result{}, nil
 		}
+
+		adminSecret := v1.Secret{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "Secret",
+				APIVersion: "v1",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      argocdInitialAdminSecretName,
+				Namespace: argocdNamespace,
+			},
+			StringData: map[string]string{
+				argocdInitialAdminPasswordKey: argocdDevModePassword,
+			},
+		}
+
+		// Re-creating the initial admin password secret: argocd-initial-admin-secret as used with "idpbuilder get secrets -p argocd"
+		err = kubeClient.Create(ctx, &adminSecret)
+		if err != nil {
+			return ctrl.Result{}, fmt.Errorf("Error creating the initial admin secret:", err)
+		}
+
 	}
 
 	return ctrl.Result{}, nil