k8s-manifests/jupyter/base/charts/jupyterhub/templates/hub/_helpers-passwords.tpl

93 lines
4 KiB
Smarty
Raw Normal View History

{{- /*
This file contains logic to lookup already
generated passwords or generate a new.
proxy.secretToken / hub.config.ConfigurableHTTPProxy.auth_token
hub.cookieSecret / hub.config.JupyterHub.cookie_secret
auth.state.cryptoKey* / hub.config.CryptKeeper.keys
*Note that the entire auth section is deprecated and users
are forced through "fail" in NOTES.txt to migrate to hub.config.
Note that lookup logic returns falsy value when run with
`helm diff upgrade`, so it is a bit troublesome to test.
*/}}
{{- /*
Returns given number of random Hex characters.
- randNumeric 4 | atoi generates a random number in [0, 10^4)
This is a range range evenly divisble by 16, but even if off by one,
that last partial interval offsetting randomness is only 1 part in 625.
- mod N 16 maps to the range 0-15
- printf "%x" represents a single number 0-15 as a single hex character
*/}}
{{- define "jupyterhub.randHex" -}}
{{- $result := "" }}
{{- range $i := until . }}
{{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }}
{{- $result = print $result $rand_hex_char }}
{{- end }}
{{- $result }}
{{- end }}
{{- define "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" -}}
{{- if (.Values.hub.config | dig "ConfigurableHTTPProxy" "auth_token" "") }}
{{- .Values.hub.config.ConfigurableHTTPProxy.auth_token }}
{{- else if .Values.proxy.secretToken }}
{{- .Values.proxy.secretToken }}
{{- else }}
{{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }}
{{- if hasKey $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" }}
{{- index $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" | b64dec }}
{{- else }}
{{- randAlphaNum 64 }}
{{- end }}
{{- end }}
{{- end }}
{{- define "jupyterhub.hub.config.JupyterHub.cookie_secret" -}}
{{- if (.Values.hub.config | dig "JupyterHub" "cookie_secret" "") }}
{{- .Values.hub.config.JupyterHub.cookie_secret }}
{{- else if .Values.hub.cookieSecret }}
{{- .Values.hub.cookieSecret }}
{{- else }}
{{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }}
{{- if hasKey $k8s_state.data "hub.config.JupyterHub.cookie_secret" }}
{{- index $k8s_state.data "hub.config.JupyterHub.cookie_secret" | b64dec }}
{{- else }}
{{- include "jupyterhub.randHex" 64 }}
{{- end }}
{{- end }}
{{- end }}
{{- define "jupyterhub.hub.config.CryptKeeper.keys" -}}
{{- if (.Values.hub.config | dig "CryptKeeper" "keys" "") }}
{{- .Values.hub.config.CryptKeeper.keys | join ";" }}
{{- else }}
{{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }}
{{- if hasKey $k8s_state.data "hub.config.CryptKeeper.keys" }}
{{- index $k8s_state.data "hub.config.CryptKeeper.keys" | b64dec }}
{{- else }}
{{- include "jupyterhub.randHex" 64 }}
{{- end }}
{{- end }}
{{- end }}
{{- define "jupyterhub.hub.services.get_api_token" -}}
{{- $_ := index . 0 }}
{{- $service_key := index . 1 }}
{{- $explicitly_set_api_token := or ($_.Values.hub.services | dig $service_key "api_token" "") ($_.Values.hub.services | dig $service_key "apiToken" "") }}
{{- if $explicitly_set_api_token }}
{{- $explicitly_set_api_token }}
{{- else }}
{{- $k8s_state := lookup "v1" "Secret" $_.Release.Namespace (include "jupyterhub.hub.fullname" $_) | default (dict "data" (dict)) }}
{{- $k8s_secret_key := print "hub.services." $service_key ".apiToken" }}
{{- if hasKey $k8s_state.data $k8s_secret_key }}
{{- index $k8s_state.data $k8s_secret_key | b64dec }}
{{- else }}
{{- include "jupyterhub.randHex" 64 }}
{{- end }}
{{- end }}
{{- end }}