Use Terraform to bcrypt the adminPassword.

make docs and examples.

Removed unnecessary opts parameter.

Changed default test password to match the previous encrypted password.

Adjusted requirement wording.

Ran make docs and examples.

Documentation/variables/config.md

@@ -7,7 +7,7 @@ This document gives an overview of variables used in all platforms of the Tecton
 | Name | Description | Type | Default |
 |------|-------------|:----:|:-----:|
 | tectonic_admin_email | The e-mail address used to: 1. login as the admin user to the Tectonic Console. 2. generate DNS zones for some providers.<br><br>Note: This field MUST be in all lower-case e-mail address format and set manually prior to creating the cluster. | string | - |
-| tectonic_admin_password_hash | The bcrypt hash of admin user password to login to the Tectonic Console. Use the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0) to generate it.<br><br>Note: This field MUST be set manually prior to creating the cluster. | string | - |
+| tectonic_admin_password | The admin user password to login to the Tectonic Console.<br><br>Note: This field MUST be set manually prior to creating the cluster. Backslashes and double quotes must also be escaped. | string | - |
 | tectonic_base_domain | The base DNS domain of the cluster. It must NOT contain a trailing period. Some DNS providers will automatically add this if necessary.<br><br>Example: `openstack.dev.coreos.systems`.<br><br>Note: This field MUST be set manually prior to creating the cluster. This applies only to cloud platforms.<br><br>[Azure-specific NOTE] To use Azure-provided DNS, `tectonic_base_domain` should be set to `""` If using DNS records, ensure that `tectonic_base_domain` is set to a properly configured external DNS zone. Instructions for configuring delegated domains for Azure DNS can be found here: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns | string | - |
 | tectonic_ca_cert | (optional) The content of the PEM-encoded CA certificate, used to generate Tectonic Console's server certificate. If left blank, a CA certificate will be automatically generated. | string | `` |
 | tectonic_ca_key | (optional) The content of the PEM-encoded CA key, used to generate Tectonic Console's server certificate. This field is mandatory if `tectonic_ca_cert` is set. | string | `` |

Jenkinsfile

@@ -19,7 +19,7 @@ def creds = [
     $class: 'UsernamePasswordMultiBinding',
     credentialsId: 'tectonic-console-login',
     passwordVariable: 'TF_VAR_tectonic_admin_email',
-    usernameVariable: 'TF_VAR_tectonic_admin_password_hash'
+    usernameVariable: 'TF_VAR_tectonic_admin_password'
   ],
   [
     $class: 'AmazonWebServicesCredentialsBinding',

config.tf

@@ -291,14 +291,14 @@ Note: This field MUST be in all lower-case e-mail address format and set manuall
 EOF
 }
 
-variable "tectonic_admin_password_hash" {
+variable "tectonic_admin_password" {
   type = "string"
 
   description = <<EOF
-The bcrypt hash of admin user password to login to the Tectonic Console.
-Use the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0) to generate it.
+The admin user password to login to the Tectonic Console.
 
-Note: This field MUST be set manually prior to creating the cluster.
+Note: This field MUST be set manually prior to creating the cluster. Backslashes and double quotes must
+also be escaped.
 EOF
 }
 

examples/terraform.tfvars.aws

@@ -6,11 +6,11 @@
 // Note: This field MUST be in all lower-case e-mail address format and set manually prior to creating the cluster.
 tectonic_admin_email = ""
 
-// The bcrypt hash of admin user password to login to the Tectonic Console.
-// Use the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0) to generate it.
+// The admin user password to login to the Tectonic Console.
 // 
-// Note: This field MUST be set manually prior to creating the cluster.
-tectonic_admin_password_hash = ""
+// Note: This field MUST be set manually prior to creating the cluster. Backslashes and double quotes must
+// also be escaped.
+tectonic_admin_password = ""
 
 // (optional) Extra AWS tags to be applied to created autoscaling group resources.
 // This is a list of maps having the keys `key`, `value` and `propagate_at_launch`.

examples/terraform.tfvars.azure

@@ -6,11 +6,11 @@
 // Note: This field MUST be in all lower-case e-mail address format and set manually prior to creating the cluster.
 tectonic_admin_email = ""
 
-// The bcrypt hash of admin user password to login to the Tectonic Console.
-// Use the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0) to generate it.
+// The admin user password to login to the Tectonic Console.
 // 
-// Note: This field MUST be set manually prior to creating the cluster.
-tectonic_admin_password_hash = ""
+// Note: This field MUST be set manually prior to creating the cluster. Backslashes and double quotes must
+// also be escaped.
+tectonic_admin_password = ""
 
 // The client secret to use.
 tectonic_azure_client_secret = ""

examples/terraform.tfvars.metal

@@ -6,11 +6,11 @@
 // Note: This field MUST be in all lower-case e-mail address format and set manually prior to creating the cluster.
 tectonic_admin_email = ""
 
-// The bcrypt hash of admin user password to login to the Tectonic Console.
-// Use the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0) to generate it.
+// The admin user password to login to the Tectonic Console.
 // 
-// Note: This field MUST be set manually prior to creating the cluster.
-tectonic_admin_password_hash = ""
+// Note: This field MUST be set manually prior to creating the cluster. Backslashes and double quotes must
+// also be escaped.
+tectonic_admin_password = ""
 
 // The base DNS domain of the cluster. It must NOT contain a trailing period. Some
 // DNS providers will automatically add this if necessary.

examples/terraform.tfvars.openstack-neutron

@@ -6,11 +6,11 @@
 // Note: This field MUST be in all lower-case e-mail address format and set manually prior to creating the cluster.
 tectonic_admin_email = ""
 
-// The bcrypt hash of admin user password to login to the Tectonic Console.
-// Use the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0) to generate it.
+// The admin user password to login to the Tectonic Console.
 // 
-// Note: This field MUST be set manually prior to creating the cluster.
-tectonic_admin_password_hash = ""
+// Note: This field MUST be set manually prior to creating the cluster. Backslashes and double quotes must
+// also be escaped.
+tectonic_admin_password = ""
 
 // The base DNS domain of the cluster. It must NOT contain a trailing period. Some
 // DNS providers will automatically add this if necessary.

examples/terraform.tfvars.vmware

@@ -6,11 +6,11 @@
 // Note: This field MUST be in all lower-case e-mail address format and set manually prior to creating the cluster.
 tectonic_admin_email = ""
 
-// The bcrypt hash of admin user password to login to the Tectonic Console.
-// Use the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0) to generate it.
+// The admin user password to login to the Tectonic Console.
 // 
-// Note: This field MUST be set manually prior to creating the cluster.
-tectonic_admin_password_hash = ""
+// Note: This field MUST be set manually prior to creating the cluster. Backslashes and double quotes must
+// also be escaped.
+tectonic_admin_password = ""
 
 // The base DNS domain of the cluster. It must NOT contain a trailing period. Some
 // DNS providers will automatically add this if necessary.

installer/frontend/__tests__/examples/aws-vpc.json

@@ -12,7 +12,7 @@
   "retry": false,
   "variables": {
     "tectonic_admin_email": "[email protected]",
-    "tectonic_admin_password_hash": "$2a$12$96LR7NxL/T7LaijR0fxl3.aVI8owkpq0B./ogZ8wNmzF1bGPEZPBK",
+    "tectonic_admin_password": "PASSWORD",
     "tectonic_aws_etcd_ec2_type": "t2.large",
     "tectonic_aws_etcd_root_volume_size": 300,
     "tectonic_aws_etcd_root_volume_type": "gp2",

installer/frontend/__tests__/examples/aws.json

@@ -11,7 +11,7 @@
   },
   "variables": {
     "tectonic_admin_email": "[email protected]",
-    "tectonic_admin_password_hash": "$2a$12$96LR7NxL/T7LaijR0fxl3.aVI8owkpq0B./ogZ8wNmzF1bGPEZPBK",
+    "tectonic_admin_password": "PASSWORD",
     "tectonic_aws_extra_tags": {
       "test_tag": "testing"
     },

installer/frontend/__tests__/examples/metal.json

@@ -7,7 +7,7 @@
   "retry": false,
   "variables": {
     "tectonic_admin_email": "[email protected]",
-    "tectonic_admin_password_hash": "$2a$12$96LR7NxL/T7LaijR0fxl3.aVI8owkpq0B./ogZ8wNmzF1bGPEZPBK",
+    "tectonic_admin_password": "PASSWORD",
     "tectonic_base_domain": "unused",
     "tectonic_cluster_cidr": "10.2.0.0/16",
     "tectonic_cluster_name": "my-cluster",

installer/frontend/cluster-config.js

@@ -1,11 +1,8 @@
 import _ from 'lodash';
-import bcrypt from 'bcryptjs';
 
 import { BARE_METAL_TF } from './platforms';
 import { keyToAlg } from './utils';
 
-const bcryptCost = 12;
-
 // TODO: (ggreer) clean up key names. Warning: Doing this will break progress files.
 export const AWS_ACCESS_KEY_ID = 'awsAccessKeyId';
 export const AWS_SUBNETS = 'awsSubnets';
@@ -196,7 +193,7 @@ export const DEFAULT_CLUSTER_CONFIG = {
 };
 
 
-export const toAWS_TF = (cc, FORMS, opts = {}) => {
+export const toAWS_TF = (cc, FORMS) => {
   const controllers = FORMS[AWS_CONTROLLERS].getData(cc);
   const etcds = FORMS[AWS_ETCDS].getData(cc);
   const workers = FORMS[AWS_WORKERS].getData(cc);
@@ -233,7 +230,7 @@ export const toAWS_TF = (cc, FORMS, opts = {}) => {
     },
     variables: {
       // eslint-disable-next-line no-sync
-      tectonic_admin_password_hash: bcrypt.hashSync(cc[ADMIN_PASSWORD], opts.salt || bcrypt.genSaltSync(bcryptCost)),
+      tectonic_admin_password: cc[ADMIN_PASSWORD],
       tectonic_aws_region: cc[AWS_REGION],
       tectonic_admin_email: cc[ADMIN_EMAIL],
       tectonic_aws_master_ec2_type: controllers[INSTANCE_TYPE],
@@ -297,7 +294,7 @@ export const toAWS_TF = (cc, FORMS, opts = {}) => {
   return ret;
 };
 
-export const toBaremetal_TF = (cc, FORMS, opts = {}) => {
+export const toBaremetal_TF = (cc, FORMS) => {
   const sshKey = FORMS[BM_SSH_KEY].getData(cc);
   const masters = cc[BM_MASTERS];
   const workers = cc[BM_WORKERS];
@@ -311,7 +308,7 @@ export const toBaremetal_TF = (cc, FORMS, opts = {}) => {
     retry: cc[RETRY],
     variables: {
       // eslint-disable-next-line no-sync
-      tectonic_admin_password_hash: bcrypt.hashSync(cc[ADMIN_PASSWORD], opts.salt || bcrypt.genSaltSync(bcryptCost)),
+      tectonic_admin_password: cc[ADMIN_PASSWORD],
       tectonic_cluster_name: cc[CLUSTER_NAME],
       tectonic_admin_email: cc[ADMIN_EMAIL],
       tectonic_metal_cl_version: cc[BM_OS_TO_USE],

installer/frontend/package.json

@@ -28,7 +28,6 @@
   "dependencies": {
     "babel-plugin-git-version": "github:coreos/babel-plugin-git-version-build",
     "babyparse": "0.4.x",
-    "bcryptjs": "2.x",
     "classnames": "2.2.x",
     "file-saver": "1.3.x",
     "immutable": "3.8.x",

installer/frontend/ui-tests/utils/awsInstallerInput.js

@@ -7,7 +7,7 @@ const awsTestDatajson = JSON.parse(fs.readFileSync(awsJsonPath, 'utf8'));
 const json = awsTestDatajson.variables;
 /** Returns expected json. This json is used to prep the data required for the test */
 const buildExpectedJson = () => {
-  delete json.tectonic_admin_password_hash;
+  delete json.tectonic_admin_password;
   delete json.tectonic_aws_extra_tags;
   delete json.tectonic_aws_external_private_zone;
   delete json.tectonic_aws_private_endpoints;

installer/frontend/ui-tests/utils/bareMetalInstallerInput.js

@@ -9,7 +9,7 @@ const json = bareMetalTestDataJson.variables;
 
 /** Returns expected json. This json is used to prep the data required for the test */
 const buildExpectedJson = () => {
-  delete json.tectonic_admin_password_hash;
+  delete json.tectonic_admin_password;
   return json;
 };
 

installer/frontend/ui-tests/utils/terraformTfvars.js

@@ -40,7 +40,7 @@ const getTerraformTfvars = (response, callback) => {
 const returnRequiredTerraformTfvars = (terraformTfvars) => {
   const json = JSON.parse(terraformTfvars);
   const extraTfvars = [
-    'tectonic_admin_password_hash',
+    'tectonic_admin_password',
     'tectonic_license_path',
     'tectonic_pull_secret_path',
     'tectonic_kube_apiserver_service_ip',

installer/frontend/yarn.lock

@@ -783,10 +783,6 @@ bcrypt-pbkdf@^1.0.0:
   dependencies:
     tweetnacl "^0.14.3"
 
-[email protected]:
-  version "2.4.3"
-  resolved "https://registry.yarnpkg.com/bcryptjs/-/bcryptjs-2.4.3.tgz#9ab5627b93e60621ff7cdac5da9733027df1d0cb"
-
 binary-extensions@^1.0.0:
   version "1.9.0"
   resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.9.0.tgz#66506c16ce6f4d6928a5b3cd6a33ca41e941e37b"

modules/tectonic/assets.tf

@@ -54,7 +54,7 @@ resource "template_dir" "tectonic" {
 
     admin_user_id       = "${random_id.admin_user_id.b64}"
     admin_email         = "${lower(var.admin_email)}"
-    admin_password_hash = "${var.admin_password_hash}"
+    admin_password_hash = "${bcrypt(var.admin_password, 12)}"
 
     console_base_address = "${var.base_address}"
     console_client_id    = "${var.console_client_id}"

modules/tectonic/variables.tf

@@ -65,10 +65,10 @@ variable "admin_email" {
   default     = "[email protected]"
 }
 
-variable "admin_password_hash" {
-  description = "Hashed password used to by the cluster admin to login to the Tectonic Console. Generate with the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0)."
+variable "admin_password" {
+  description = "Password used to by the cluster admin to login to the Tectonic Console. Backslashes and double quotes must be escaped."
   type        = "string"
-  default     = "2a$12$k9wa31uE/4uD9aVtT/vNtOZwxXyEJ/9DwXXEYB/eUpb9fvEPsH/kO"
+  default     = "PASSWORD"
 }
 
 variable "update_server" {

platforms/aws/tectonic.tf

@@ -84,8 +84,8 @@ module "tectonic" {
   license_path     = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_license_path)}"
   pull_secret_path = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_pull_secret_path)}"
 
-  admin_email         = "${var.tectonic_admin_email}"
-  admin_password_hash = "${var.tectonic_admin_password_hash}"
+  admin_email    = "${var.tectonic_admin_email}"
+  admin_password = "${var.tectonic_admin_password}"
 
   update_channel = "${var.tectonic_update_channel}"
   update_app_id  = "${var.tectonic_update_app_id}"

platforms/azure/tectonic.tf

@@ -55,8 +55,8 @@ module "tectonic" {
   license_path     = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_license_path)}"
   pull_secret_path = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_pull_secret_path)}"
 
-  admin_email         = "${var.tectonic_admin_email}"
-  admin_password_hash = "${var.tectonic_admin_password_hash}"
+  admin_email    = "${var.tectonic_admin_email}"
+  admin_password = "${var.tectonic_admin_password}"
 
   update_channel = "${var.tectonic_update_channel}"
   update_app_id  = "${var.tectonic_update_app_id}"

platforms/metal/tectonic.tf

@@ -63,8 +63,8 @@ module "tectonic" {
   license_path     = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_license_path)}"
   pull_secret_path = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_pull_secret_path)}"
 
-  admin_email         = "${var.tectonic_admin_email}"
-  admin_password_hash = "${var.tectonic_admin_password_hash}"
+  admin_email    = "${var.tectonic_admin_email}"
+  admin_password = "${var.tectonic_admin_password}"
 
   update_channel = "${var.tectonic_update_channel}"
   update_app_id  = "${var.tectonic_update_app_id}"

platforms/openstack/neutron/main.tf

@@ -62,8 +62,8 @@ module "tectonic" {
   license_path     = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_license_path)}"
   pull_secret_path = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_pull_secret_path)}"
 
-  admin_email         = "${var.tectonic_admin_email}"
-  admin_password_hash = "${var.tectonic_admin_password_hash}"
+  admin_email    = "${var.tectonic_admin_email}"
+  admin_password = "${var.tectonic_admin_password}"
 
   update_channel = "${var.tectonic_update_channel}"
   update_app_id  = "${var.tectonic_update_app_id}"

platforms/vmware/tectonic.tf

@@ -65,8 +65,8 @@ module "tectonic" {
   license_path     = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_license_path)}"
   pull_secret_path = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_pull_secret_path)}"
 
-  admin_email         = "${var.tectonic_admin_email}"
-  admin_password_hash = "${var.tectonic_admin_password_hash}"
+  admin_email    = "${var.tectonic_admin_email}"
+  admin_password = "${var.tectonic_admin_password}"
 
   update_channel = "${var.tectonic_update_channel}"
   update_app_id  = "${var.tectonic_update_app_id}"

tests/conformance/conformance.sh

@@ -24,7 +24,7 @@ TF_VAR_tectonic_pull_secret_path=${TF_VAR_tectonic_pull_secret_path}
 TF_VAR_tectonic_license_path=${TF_VAR_tectonic_license_path}
 TF_VAR_tectonic_aws_ssh_key="jenkins"
 TF_VAR_tectonic_admin_email=${TF_VAR_tectonic_admin_email}
-TF_VAR_tectonic_admin_password_hash=${TF_VAR_tectonic_admin_password_hash}
+TF_VAR_tectonic_admin_password=${TF_VAR_tectonic_admin_password}
 EOF
 }
 

tests/smoke/bare-metal/vars/metal.tfvars

@@ -113,9 +113,8 @@ tectonic_ssh_authorized_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPQFdwVLr+a
 
 # Tectonic
 
-# generate a hash with the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0) that will be used for your admin user.
 tectonic_admin_email = "[email protected]"
-tectonic_admin_password_hash = "$2a$12$T8hTe.NlOPDP0SS3DxNeDuVhHSFbdGXZEhGps/W.BG4QC7.1/nDaG"
+tectonic_admin_password = "PASSWORD"
 
 # Update Details
 # leave blank for default values