diff --git a/site/src/content/docs/commands/zarf_init.md b/site/src/content/docs/commands/zarf_init.md
index 8fc88244c3..b9b02c183e 100644
--- a/site/src/content/docs/commands/zarf_init.md
+++ b/site/src/content/docs/commands/zarf_init.md
@@ -63,7 +63,7 @@ $ zarf init --artifact-push-password={PASSWORD} --artifact-push-username={USERNA
 --git-pull-password string Password for the pull-only user to access the git server
 --git-pull-username string Username for pull-only access to the git server
 --git-push-password string Password for the push-user to access the git server
- --git-push-username string Username to access to the git server Zarf is configured to use. User must be able to create repositories via 'git push' (default "zarf-git-user")
+ --git-push-username string Username to access to the git server Zarf is configured to use. User must be able to create repositories via 'git push'
 --git-url string External git server url to use for this Zarf cluster
 -h, --help help for init
 -k, --key string Path to public key file for validating signed packages
@@ -71,7 +71,7 @@ $ zarf init --artifact-push-password={PASSWORD} --artifact-push-username={USERNA
 --registry-pull-password string Password for the pull-only user to access the registry
 --registry-pull-username string Username for pull-only access to the registry
 --registry-push-password string Password for the push-user to connect to the registry
- --registry-push-username string Username to access to the registry Zarf is configured to use (default "zarf-push")
+ --registry-push-username string Username to access to the registry Zarf is configured to use
 --registry-secret string Registry secret value
 --registry-url string External registry url address to use for this Zarf cluster
 --retries int Number of retries to perform for Zarf deploy operations like git/image pushes or Helm installs (default 3)
diff --git a/site/src/content/docs/commands/zarf_package_mirror-resources.md b/site/src/content/docs/commands/zarf_package_mirror-resources.md
index 1b6abb8fd9..5b5026ff33 100644
--- a/site/src/content/docs/commands/zarf_package_mirror-resources.md
+++ b/site/src/content/docs/commands/zarf_package_mirror-resources.md
@@ -49,7 +49,7 @@ $ zarf package mirror-resources \
 --components string Comma-separated list of components to mirror. This list will be respected regardless of a component's 'required' or 'default' status. Globbing component names with '*' and deselecting components with a leading '-' are also supported.
 --confirm Confirms package deployment without prompting. ONLY use with packages you trust. Skips prompts to review SBOM, configure variables, select optional components and review potential breaking changes.
 --git-push-password string Password for the push-user to access the git server
- --git-push-username string Username to access to the git server Zarf is configured to use. User must be able to create repositories via 'git push' (default "zarf-git-user")
+ --git-push-username string Username to access to the git server Zarf is configured to use. User must be able to create repositories via 'git push'
 --git-url string External git server url to use for this Zarf cluster
 -h, --help help for mirror-resources
 --no-img-checksum Turns off the addition of a checksum to image tags (as would be used by the Zarf Agent) while mirroring images.
diff --git a/src/cmd/initialize.go b/src/cmd/initialize.go
index 4d1c61363b..806d9740ec 100644
--- a/src/cmd/initialize.go
+++ b/src/cmd/initialize.go
@@ -24,7 +24,6 @@ import (
 "github.com/zarf-dev/zarf/src/pkg/packager/sources"
 "github.com/zarf-dev/zarf/src/pkg/utils"
 "github.com/zarf-dev/zarf/src/pkg/zoci"
- "github.com/zarf-dev/zarf/src/types"
 "github.com/spf13/cobra"
 )
@@ -181,11 +180,6 @@ func init() {
 rootCmd.AddCommand(initCmd)
- // Init package variable defaults that are non-zero values
- // NOTE: these are not in common.setDefaults so that zarf tools update-creds does not erroneously update values back to the default
- v.SetDefault(common.VInitGitPushUser, types.ZarfGitPushUser)
- v.SetDefault(common.VInitRegistryPushUser, types.ZarfRegistryPushUser)
-
 // Init package set variable flags
 initCmd.Flags().StringToStringVar(&pkgConfig.PkgOpts.SetVariables, "set", v.GetStringMapString(common.VPkgDeploySet), lang.CmdInitFlagSet)
diff --git a/src/cmd/package.go b/src/cmd/package.go
index 8b1405e25c..de0724dc4f 100644
--- a/src/cmd/package.go
+++ b/src/cmd/package.go
@@ -432,8 +432,6 @@ func bindMirrorFlags(v *viper.Viper) {
 mirrorFlags := packageMirrorCmd.Flags()
 // Init package variable defaults that are non-zero values
- // NOTE: these are not in common.setDefaults so that zarf tools update-creds does not erroneously update values back to the default
- v.SetDefault(common.VInitGitPushUser, types.ZarfGitPushUser)
 v.SetDefault(common.VInitRegistryPushUser, types.ZarfRegistryPushUser)
 // Always require confirm flag (no viper)
diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go
index 6ac941e87b..af68880284 100644
--- a/src/pkg/cluster/state.go
+++ b/src/pkg/cluster/state.go
@@ -156,11 +156,7 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO
 return fmt.Errorf("unable get default Zarf service account: %w", err)
 }
- err = initOptions.GitServer.FillInEmptyValues()
- if err != nil {
- return err
- }
- state.GitServer = initOptions.GitServer
+ state.GitServer = initOptions.GitServer.FillInEmptyPullValues()
 err = initOptions.RegistryInfo.FillInEmptyValues()
 if err != nil {
 return err
diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go
index 612fa5eb10..895d54d67b 100644
--- a/src/pkg/packager/deploy.go
+++ b/src/pkg/packager/deploy.go
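Review bot: Dropping `v.SetDefault(common.VInitRegistryPushUser, types.ZarfRegistryPushUser)` from `init()` leaves the registry push username with no replacement default visible in this diff; only the git user gains one, inside `GenerateNewInternalGitServerInfo` in src/types/k8s.go. The zarf_init.md hunk confirms that `--registry-push-username` no longer shows `(default "zarf-push")`, while `bindMirrorFlags` in src/cmd/package.go still sets the same key and keeps the "non-zero values" comment without the NOTE that explained it. If `RegistryInfo.FillInEmptyValues` (not shown here) does not fill an empty `PushUsername`, an internal registry would be initialized with a blank push user, so either keep this one line or add the default there. `init()` continues outside the hunk.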
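Review bot: `state.GitServer = initOptions.GitServer.FillInEmptyPullValues()` can no longer fail, so a partially specified external git server is written to state without complaint. As defined in src/types/k8s.go, the helper returns its receiver unchanged when `Address`, `PushPassword` or `PushUsername` is empty, which means `--git-url` given without push credentials produces a state entry with an address and blank credentials. If that combination is not meant to be supported, a guard before the assignment would surface it at init time: `if gs := initOptions.GitServer; gs.Address != "" && (gs.PushUsername == "" || gs.PushPassword == "") { return fmt.Errorf("git server %q configured without push credentials", gs.Address) }`. `InitZarfState` starts and ends outside the hunk.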
@@ -116,6 +116,13 @@ func (p *Packager) Deploy(ctx context.Context) error {
 // Reset registry HPA scale down whether an error occurs or not
 defer p.resetRegistryHPA(ctx)
+ if p.cfg.Pkg.IsInitConfig() {
+ err := p.initZarfState(ctx, p.cfg.Pkg.Components)
+ if err != nil {
+ return err
+ }
+ }
+
 // Get a list of all the components we are deploying and actually deploy them
 deployedComponents, err := p.deployComponents(ctx)
 if err != nil {
@@ -231,6 +238,37 @@ func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []t
 return deployedComponents, nil
 }
+func (p *Packager) initZarfState(ctx context.Context, components []types.ZarfComponent) error {
+ requiresCluster := false
+ for _, component := range components {
+ if component.RequiresCluster() && p.state == nil {
+ requiresCluster = true
+ // TODO de duplicate
+ timeout := 5 * time.Minute
+ connectCtx, cancel := context.WithTimeout(ctx, timeout)
+ defer cancel()
+ if err := p.connectToCluster(connectCtx); err != nil {
+ return fmt.Errorf("unable to connect to the Kubernetes cluster: %w", err)
+ }
+ }
+ if component.Name == "git-server" && p.cfg.InitOpts.GitServer.Address == "" {
+ var err error
+ p.cfg.InitOpts.GitServer, err = types.GenerateNewInternalGitServerInfo()
+ if err != nil {
+ return err
+ }
+ }
+ }
+
+ if requiresCluster && p.state == nil {
+ err := p.cluster.InitZarfState(ctx, p.cfg.InitOpts)
+ if err != nil {
+ return fmt.Errorf("unable to initialize Zarf state: %w", err)
+ }
+ }
+ return nil
+}
+
 func (p *Packager) deployInitComponent(ctx context.Context, component types.ZarfComponent) (charts []types.InstalledChart, err error) {
 hasExternalRegistry := p.cfg.InitOpts.RegistryInfo.Address != ""
 isSeedRegistry := component.Name == "zarf-seed-registry"
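Review bot: Calling `p.initZarfState` here runs state initialization before `deployComponents`, whereas the block removed from `deployInitComponent` ran it lazily, "before the first component that requires the cluster". Two things depend on that ordering: a component earlier in the list that does not require a cluster has not been deployed yet when `connectToCluster` is attempted, and `p.cfg.InitOpts.ApplianceMode = true` is still assigned inside `deployInitComponent`, after `InitZarfState` has already received `p.cfg.InitOpts`. If the init package can provision the cluster itself, or if `InitZarfState` reads `ApplianceMode` (neither is visible in this diff), behaviour changes. Either keep the lazy call or state the precondition above the new block, for example `// Requires a reachable cluster before any component is deployed.`. `Deploy` continues outside the hunk.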
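Review bot: When the `git-server` component is present and no `--git-url` was given, `p.cfg.InitOpts.GitServer` is replaced wholesale by `GenerateNewInternalGitServerInfo()`, which discards any `--git-push-username`, `--git-push-password`, `--git-pull-username` or `--git-pull-password` the operator passed. The removed `FillInEmptyValues` generated a value only "if not provided by init flag", so this silently changes which credentials end up in state. Overlaying the supplied fields on the generated struct keeps the old contract; the alternative is to reject those flags when the internal server is used. Separately, `defer cancel()` sits inside the `for` loop and the `// TODO de duplicate` marker carries no owner or issue reference.

```go
		if component.Name == "git-server" && p.cfg.InitOpts.GitServer.Address == "" {
			// Keep credentials passed on the command line; generate only what is missing.
			supplied := p.cfg.InitOpts.GitServer
			generated, err := types.GenerateNewInternalGitServerInfo()
			if err != nil {
				return err
			}
			if supplied.PushUsername != "" {
				generated.PushUsername = supplied.PushUsername
			}
			if supplied.PushPassword != "" {
				generated.PushPassword = supplied.PushPassword
			}
			if supplied.PullUsername != "" {
				generated.PullUsername = supplied.PullUsername
			}
			if supplied.PullPassword != "" {
				generated.PullPassword = supplied.PullPassword
			}
			p.cfg.InitOpts.GitServer = generated
		}
		// … unchanged: end of loop and the InitZarfState call …
```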
@@ -243,14 +281,6 @@ func (p *Packager) deployInitComponent(ctx context.Context, component types.Zarf
 p.cfg.InitOpts.ApplianceMode = true
 }
- // Always init the state before the first component that requires the cluster (on most deployments, the zarf-seed-registry)
- if component.RequiresCluster() && p.state == nil {
- err = p.cluster.InitZarfState(ctx, p.cfg.InitOpts)
- if err != nil {
- return nil, fmt.Errorf("unable to initialize Zarf state: %w", err)
- }
- }
-
 if hasExternalRegistry && (isSeedRegistry || isInjector || isRegistry) {
 message.Notef("Not deploying the component (%s) since external registry information was provided during `zarf init`", component.Name)
 return nil, nil
diff --git a/src/pkg/packager/prepare.go b/src/pkg/packager/prepare.go
index a52cc9c0f4..1cd265148a 100644
--- a/src/pkg/packager/prepare.go
+++ b/src/pkg/packager/prepare.go
@@ -104,8 +104,7 @@ func (p *Packager) findImages(ctx context.Context) (imgMap map[string][]string,
 if err != nil {
 return nil, err
 }
- gitServer := types.GitServerInfo{}
- err = gitServer.FillInEmptyValues()
+ gitServer, err := types.GenerateNewInternalGitServerInfo()
 if err != nil {
 return nil, err
 }
diff --git a/src/types/k8s.go b/src/types/k8s.go
index 6277a0f7d7..f2fb5f0972 100644
--- a/src/types/k8s.go
+++ b/src/types/k8s.go
@@ -141,40 +141,41 @@ func (gs GitServerInfo) IsInternal() bool {
 return gs.Address == ZarfInClusterGitServiceURL
 }
-// FillInEmptyValues sets every necessary value that's currently empty to a reasonable default
-func (gs *GitServerInfo) FillInEmptyValues() error {
- var err error
- // Set default svc url if an external repository was not provided
- if gs.Address == "" {
- gs.Address = ZarfInClusterGitServiceURL
+// GenerateNewInternalGitServerInfo generates a new GitServerInfo for the Zarf internal git server.
+func GenerateNewInternalGitServerInfo() (GitServerInfo, error) {
+ pushPassword, err := helpers.RandomString(ZarfGeneratedPasswordLen)
+ if err != nil {
+ return GitServerInfo{}, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err)
 }
- // Generate a push-user password if not provided by init flag
- if gs.PushPassword == "" {
- if gs.PushPassword, err = helpers.RandomString(ZarfGeneratedPasswordLen); err != nil {
- return fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err)
- }
+ pullPassword, err := helpers.RandomString(ZarfGeneratedPasswordLen)
+ if err != nil {
+ return GitServerInfo{}, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err)
+ }
+
+ return GitServerInfo{
+ Address: ZarfInClusterGitServiceURL,
+ PushPassword: pushPassword,
+ PushUsername: ZarfGitPushUser,
+ PullPassword: pullPassword,
+ PullUsername: ZarfGitReadUser,
+ }, nil
+}
+
+// FillInEmptyPullValues sets every necessary value that's currently empty to a reasonable default
+func (gs GitServerInfo) FillInEmptyPullValues() GitServerInfo {
+ if gs.Address == "" || gs.PushPassword == "" || gs.PushUsername == "" {
+ return gs
 }
- // Set read-user information if using an internal repository, otherwise copy from the push-user
 if gs.PullUsername == "" {
- if gs.IsInternal() {
- gs.PullUsername = ZarfGitReadUser
- } else {
- gs.PullUsername = gs.PushUsername
- }
+ gs.PullUsername = gs.PushUsername
 }
+
 if gs.PullPassword == "" {
- if gs.IsInternal() {
- if gs.PullPassword, err = helpers.RandomString(ZarfGeneratedPasswordLen); err != nil {
- return fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err)
- }
- } else {
- gs.PullPassword = gs.PushPassword
- }
+ gs.PullPassword = gs.PushPassword
 }
-
- return nil
+ return gs
 }
 // ArtifactServerInfo contains information Zarf uses to communicate with a artifact registry to push/pull repositories to.
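Review bot: The doc comment on `FillInEmptyPullValues` still reads "sets every necessary value that's currently empty to a reasonable default", but the function only copies the push credentials into empty pull fields and returns the receiver untouched when `Address`, `PushPassword` or `PushUsername` is empty. Suggested wording: `// FillInEmptyPullValues copies the push credentials into any empty pull field. It returns gs unchanged when Address, PushPassword or PushUsername is empty.` The comment should also say that the pull identity then carries push-capable credentials, so a deployment that wants a read-only user must pass `--git-pull-username` and `--git-pull-password` explicitly. The comment on `GenerateNewInternalGitServerInfo` could likewise state that both passwords are freshly generated with `helpers.RandomString(ZarfGeneratedPasswordLen)` on every call.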