From 4ff6100e465e03a7cdfd31897a710a198b0cb8e4 Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Fri, 7 Jul 2023 10:02:03 +0200
Subject: [PATCH] Remove code and templates for generating app secrets

---
 backend/areas/apps/models.py                  | 33 ++-----------------
 .../stackspin-hedgedoc-variables.yaml.jinja   |  7 ----
 .../stackspin-nextcloud-variables.yaml.jinja  | 13 --------
 .../stackspin-oauth-variables.yaml.jinja      |  8 -----
 .../stackspin-wekan-variables.yaml.jinja      |  7 ----
 .../stackspin-wordpress-variables.yaml.jinja  |  9 -----
 .../stackspin-zulip-variables.yaml.jinja      | 12 -------
 7 files changed, 3 insertions(+), 86 deletions(-)
 delete mode 100644 backend/areas/apps/templates/stackspin-hedgedoc-variables.yaml.jinja
 delete mode 100644 backend/areas/apps/templates/stackspin-nextcloud-variables.yaml.jinja
 delete mode 100644 backend/areas/apps/templates/stackspin-oauth-variables.yaml.jinja
 delete mode 100644 backend/areas/apps/templates/stackspin-wekan-variables.yaml.jinja
 delete mode 100644 backend/areas/apps/templates/stackspin-wordpress-variables.yaml.jinja
 delete mode 100644 backend/areas/apps/templates/stackspin-zulip-variables.yaml.jinja

diff --git a/backend/areas/apps/models.py b/backend/areas/apps/models.py
index e7898a14..d2b411cb 100644
--- a/backend/areas/apps/models.py
+++ b/backend/areas/apps/models.py
@@ -87,8 +87,6 @@ class App(db.Model):
 
     def install(self):
         """Creates a Kustomization in the Kubernetes cluster that installs this application"""
-        # Generate the necessary passwords, etc. from a template
-        self.__generate_secrets()
         # Create add-<app> kustomization
         self.__create_kustomization()
 
@@ -98,9 +96,8 @@ class App(db.Model):
 
         In our case, this triggers a deletion of the app's PVCs (so deletes all
         data), as well as any other Kustomizations and HelmReleases related to
-        the app. It also triggers a deletion of the OAuth2Client object, but
-        does not delete the secrets generated by the `install` command. It also
-        does not remove the TLS secret generated by cert-manager.
+        the app. It also triggers a deletion of the OAuth2Client object. It
+        also does not remove the TLS secret generated by cert-manager.
         """
         self.__delete_kustomization()
 
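Review bot: The new docstring sentence `It also does not remove the TLS secret generated by cert-manager.` has a dangling `also`: the "does not delete the secrets" clause it referred to was removed, so it now follows a sentence about something that is deleted. The docstring also no longer says what happens to the `stackspin-<app>-variables` and `stackspin-<app>-oauth-variables` secrets. Clusters installed before this change may still hold them, and nothing in this hunk shows that uninstall removes them. If they are still left behind, I would keep that stated, e.g. `It does not remove the TLS secret generated by cert-manager, nor any existing app variables or OAuth secrets; delete those separately.` The method's signature and the start of its docstring are outside the hunk.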
@@ -123,20 +120,6 @@ class App(db.Model):
         db.session.delete(self)
         return db.session.commit()
 
-    def __generate_secrets(self):
-        """Generates passwords for app installation"""
-        # Create app variables secret
-        if self.variables_template_filepath:
-            k8s.create_variables_secret(self.slug, self.variables_template_filepath)
-
-        k8s.create_variables_secret(
-            self.slug,
-            os.path.join(
-                self.__get_templates_dir(),
-                "stackspin-oauth-variables.yaml.jinja"
-            )
-        )
-
     def __create_kustomization(self):
         """Creates the `add-{app_slug}` kustomization in the Kubernetes cluster"""
         kustomization_template_filepath = \
@@ -148,16 +131,6 @@ class App(db.Model):
         """Deletes kustomization for this app"""
         k8s.delete_kustomization(f"add-{self.slug}")
 
-
-    @property
-    def variables_template_filepath(self):
-        """Path to the variables template used to generate secrets the app needs"""
-        variables_template_filepath = os.path.join(self.__get_templates_dir(),
-                f"stackspin-{self.slug}-variables.yaml.jinja")
-        if os.path.exists(variables_template_filepath):
-            return variables_template_filepath
-        return None
-
     @property
     def namespace(self):
         """
@@ -203,7 +176,7 @@ class App(db.Model):
 
     @staticmethod
     def __get_templates_dir():
-        """Returns directory that contains the Jinja templates used to create app secrets."""
+        """Returns directory that contains the Jinja templates for kubernetes manifests."""
         return os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates")
 
 
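Review bot: In the new `__get_templates_dir` docstring, `kubernetes` is lower-case, while the `install` docstring in the same file writes `Kubernetes`. I would make it `"""Returns directory that contains the Jinja templates for Kubernetes manifests."""`. The only remaining use of this directory visible in the diff is the kustomization template in `__create_kustomization`, so naming that explicitly would be more precise if nothing else is rendered from it.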
diff --git a/backend/areas/apps/templates/stackspin-hedgedoc-variables.yaml.jinja b/backend/areas/apps/templates/stackspin-hedgedoc-variables.yaml.jinja
deleted file mode 100644
index e0d33962..00000000
--- a/backend/areas/apps/templates/stackspin-hedgedoc-variables.yaml.jinja
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-hedgedoc-variables
-data:
-  hedgedoc_mariadb_password: "{{ 32 | generate_password | b64encode }}"
-  hedgedoc_mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/backend/areas/apps/templates/stackspin-nextcloud-variables.yaml.jinja b/backend/areas/apps/templates/stackspin-nextcloud-variables.yaml.jinja
deleted file mode 100644
index 7544f9cf..00000000
--- a/backend/areas/apps/templates/stackspin-nextcloud-variables.yaml.jinja
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-nextcloud-variables
-data:
-  nextcloud_password: "{{ 32 | generate_password | b64encode }}"
-  nextcloud_mariadb_password: "{{ 32 | generate_password | b64encode }}"
-  nextcloud_mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
-  nextcloud_redis_password: "{{ 32 | generate_password | b64encode }}"
-  onlyoffice_database_password: "{{ 32 | generate_password | b64encode }}"
-  onlyoffice_jwt_secret: "{{ 32 | generate_password | b64encode }}"
-  onlyoffice_rabbitmq_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/backend/areas/apps/templates/stackspin-oauth-variables.yaml.jinja b/backend/areas/apps/templates/stackspin-oauth-variables.yaml.jinja
deleted file mode 100644
index 32a0ab07..00000000
--- a/backend/areas/apps/templates/stackspin-oauth-variables.yaml.jinja
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-{{ app }}-oauth-variables
-data:
-  client_id: "{{ app | b64encode }}"
-  client_secret: "{{ 32 | generate_password | b64encode }}"
diff --git a/backend/areas/apps/templates/stackspin-wekan-variables.yaml.jinja b/backend/areas/apps/templates/stackspin-wekan-variables.yaml.jinja
deleted file mode 100644
index b5bad3dc..00000000
--- a/backend/areas/apps/templates/stackspin-wekan-variables.yaml.jinja
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-wekan-variables
-data:
-  mongodb_password: "{{ 32 | generate_password | b64encode }}"
-  mongodb_root_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/backend/areas/apps/templates/stackspin-wordpress-variables.yaml.jinja b/backend/areas/apps/templates/stackspin-wordpress-variables.yaml.jinja
deleted file mode 100644
index b491834d..00000000
--- a/backend/areas/apps/templates/stackspin-wordpress-variables.yaml.jinja
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-wordpress-variables
-data:
-  wordpress_admin_password: "{{ 32 | generate_password | b64encode }}"
-  wordpress_mariadb_password: "{{ 32 | generate_password | b64encode }}"
-  wordpress_mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/backend/areas/apps/templates/stackspin-zulip-variables.yaml.jinja b/backend/areas/apps/templates/stackspin-zulip-variables.yaml.jinja
deleted file mode 100644
index 80fc8f48..00000000
--- a/backend/areas/apps/templates/stackspin-zulip-variables.yaml.jinja
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: stackspin-zulip-variables
-data:
-  admin_password: "{{ 32 | generate_password | b64encode }}"
-  memcached_password: "{{ 32 | generate_password | b64encode }}"
-  rabbitmq_password: "{{ 32 | generate_password | b64encode }}"
-  rabbitmq_erlang_cookie: "{{ 32 | generate_password | b64encode }}"
-  redis_password: "{{ 32 | generate_password | b64encode }}"
-  postgresql_password: "{{ 32 | generate_password | b64encode }}"
-  zulip_password: "{{ 32 | generate_password | b64encode }}"
-- 
GitLab