Remove code and templates for generating app secrets

4ff6100e · Arie Peterson · e6e019bd · 4ff6100e · e6e019bd · e6e019bd
Commit 4ff6100e authored 1 year ago by Arie Peterson
--- a/backend/areas/apps/models.py
+++ b/backend/areas/apps/models.py
@@ -87,8 +87,6 @@ class App(db.Model):

    def install(self):
        """Creates a Kustomization in the Kubernetes cluster that installs this application"""
-        # Generate the necessary passwords, etc. from a template
-        self.__generate_secrets()
        # Create add-<app> kustomization
        self.__create_kustomization()

@@ -98,9 +96,8 @@ class App(db.Model):

        In our case, this triggers a deletion of the app's PVCs (so deletes all
        data), as well as any other Kustomizations and HelmReleases related to
-        the app. It also triggers a deletion of the OAuth2Client object, but
-        does not delete the secrets generated by the `install` command. It also
-        does not remove the TLS secret generated by cert-manager.
+        the app. It also triggers a deletion of the OAuth2Client object. It
+        also does not remove the TLS secret generated by cert-manager.
        """
        self.__delete_kustomization()

@@ -123,20 +120,6 @@ class App(db.Model):
        db.session.delete(self)
        return db.session.commit()

-    def __generate_secrets(self):
-        """Generates passwords for app installation"""
-        # Create app variables secret
-        if self.variables_template_filepath:
-            k8s.create_variables_secret(self.slug, self.variables_template_filepath)
-
-        k8s.create_variables_secret(
-            self.slug,
-            os.path.join(
-                self.__get_templates_dir(),
-                "stackspin-oauth-variables.yaml.jinja"
-            )
-        )
-
    def __create_kustomization(self):
        """Creates the `add-{app_slug}` kustomization in the Kubernetes cluster"""
        kustomization_template_filepath = \
@@ -148,16 +131,6 @@ class App(db.Model):
        """Deletes kustomization for this app"""
        k8s.delete_kustomization(f"add-{self.slug}")

-
-    @property
-    def variables_template_filepath(self):
-        """Path to the variables template used to generate secrets the app needs"""
-        variables_template_filepath = os.path.join(self.__get_templates_dir(),
-                f"stackspin-{self.slug}-variables.yaml.jinja")
-        if os.path.exists(variables_template_filepath):
-            return variables_template_filepath
-        return None
-
    @property
    def namespace(self):
        """
@@ -203,7 +176,7 @@ class App(db.Model):

    @staticmethod
    def __get_templates_dir():
-        """Returns directory that contains the Jinja templates used to create app secrets."""
+        """Returns directory that contains the Jinja templates for kubernetes manifests."""
        return os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates")



--- a/backend/areas/apps/templates/stackspin-hedgedoc-variables.yaml.jinja
+++ b/backend/areas/apps/templates/stackspin-hedgedoc-variables.yaml.jinja
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-hedgedoc-variables
-data:
-  hedgedoc_mariadb_password: "{{ 32 | generate_password | b64encode }}"
-  hedgedoc_mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
--- a/backend/areas/apps/templates/stackspin-nextcloud-variables.yaml.jinja
+++ b/backend/areas/apps/templates/stackspin-nextcloud-variables.yaml.jinja
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-nextcloud-variables
-data:
-  nextcloud_password: "{{ 32 | generate_password | b64encode }}"
-  nextcloud_mariadb_password: "{{ 32 | generate_password | b64encode }}"
-  nextcloud_mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
-  nextcloud_redis_password: "{{ 32 | generate_password | b64encode }}"
-  onlyoffice_database_password: "{{ 32 | generate_password | b64encode }}"
-  onlyoffice_jwt_secret: "{{ 32 | generate_password | b64encode }}"
-  onlyoffice_rabbitmq_password: "{{ 32 | generate_password | b64encode }}"
--- a/backend/areas/apps/templates/stackspin-oauth-variables.yaml.jinja
+++ b/backend/areas/apps/templates/stackspin-oauth-variables.yaml.jinja
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-{{ app }}-oauth-variables
-data:
-  client_id: "{{ app | b64encode }}"
-  client_secret: "{{ 32 | generate_password | b64encode }}"
--- a/backend/areas/apps/templates/stackspin-wekan-variables.yaml.jinja
+++ b/backend/areas/apps/templates/stackspin-wekan-variables.yaml.jinja
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-wekan-variables
-data:
-  mongodb_password: "{{ 32 | generate_password | b64encode }}"
-  mongodb_root_password: "{{ 32 | generate_password | b64encode }}"
--- a/backend/areas/apps/templates/stackspin-wordpress-variables.yaml.jinja
+++ b/backend/areas/apps/templates/stackspin-wordpress-variables.yaml.jinja
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-wordpress-variables
-data:
-  wordpress_admin_password: "{{ 32 | generate_password | b64encode }}"
-  wordpress_mariadb_password: "{{ 32 | generate_password | b64encode }}"
-  wordpress_mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
--- a/backend/areas/apps/templates/stackspin-zulip-variables.yaml.jinja
+++ b/backend/areas/apps/templates/stackspin-zulip-variables.yaml.jinja
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-zulip-variables
-data:
-  admin_password: "{{ 32 | generate_password | b64encode }}"
-  memcached_password: "{{ 32 | generate_password | b64encode }}"
-  rabbitmq_password: "{{ 32 | generate_password | b64encode }}"
-  rabbitmq_erlang_cookie: "{{ 32 | generate_password | b64encode }}"
-  redis_password: "{{ 32 | generate_password | b64encode }}"
-  postgresql_password: "{{ 32 | generate_password | b64encode }}"
-  zulip_password: "{{ 32 | generate_password | b64encode }}"