remove default Admin account /environment variables (#938)

harness · Jan 3, 2024 · 4c90cec · 4c90cec
1 parent dd49c18
commit 4c90cec
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 2 deletions.
diff --git a/.local.env b/.local.env
@@ -1,5 +1,6 @@
 GITNESS_TRACE=true
 GITNESS_GIT_TRACE=true
+GITNESS_PRINCIPAL_ADMIN_EMAIL=admin@gitness.io
 GITNESS_PRINCIPAL_ADMIN_PASSWORD=changeit
 GITNESS_WEBHOOK_ALLOW_LOOPBACK=true
 GITNESS_METRIC_ENABLED=false
diff --git a/app/api/controller/repo/create.go b/app/api/controller/repo/create.go
@@ -56,6 +56,8 @@ type CreateInput struct {
 }
 
 // Create creates a new repository.
+//
+//nolint:gocognit
 func (c *Controller) Create(ctx context.Context, session *auth.Session, in *CreateInput) (*types.Repository, error) {
 	parentSpace, err := c.getSpaceCheckAuthRepoCreation(ctx, session, in.ParentRef)
 	if err != nil {

diff --git a/app/api/controller/webhook/create.go b/app/api/controller/webhook/create.go
@@ -44,6 +44,8 @@ type CreateInput struct {
 }
 
 // Create creates a new webhook.
+//
+//nolint:gocognit
 func (c *Controller) Create(
 	ctx context.Context,
 	session *auth.Session,

diff --git a/app/bootstrap/bootstrap.go b/app/bootstrap/bootstrap.go
@@ -32,6 +32,8 @@ import (
 // It is used for all operations executed by gitness itself.
 var systemServicePrincipal *types.Principal
 
+var ErrAdminEmailRequired = errors.New("config.Principal.Admin.Email is required")
+
 func NewSystemServiceSession() *auth.Session {
 	return &auth.Session{
 		Principal: *systemServicePrincipal,
@@ -78,6 +80,10 @@ func AdminUser(ctx context.Context, config *types.Config, userCtrl *user.Control
 		return nil
 	}
 
+	if config.Principal.Admin.Email == "" {
+		return fmt.Errorf("failed to set up admin user: %w", ErrAdminEmailRequired)
+	}
+
 	usr, err := userCtrl.FindNoAuth(ctx, config.Principal.Admin.UID)
 	if errors.Is(err, store.ErrResourceNotFound) {
 		usr, err = createAdminUser(ctx, config, userCtrl)

diff --git a/app/store/database/migrate/migrate_0039_alter_table_webhooks_uid.go b/app/store/database/migrate/migrate_0039_alter_table_webhooks_uid.go
@@ -181,6 +181,8 @@ func migrateAfter_0039_alter_table_webhooks_uid(ctx context.Context, dbtx *sql.T
 
 // WebhookDisplayNameToUID migrates the provided displayname to a webhook uid.
 // If randomize is true, a random suffix is added to randomize the uid.
+//
+//nolint:gocognit
 func WebhookDisplayNameToUID(displayName string, randomize bool) (string, error) {
 	const placeholder = '_'
 	const specialChars = ".-_"

diff --git a/types/config.go b/types/config.go
@@ -223,11 +223,11 @@ type Config struct {
 			Email       string `envconfig:"GITNESS_PRINCIPAL_PIPELINE_EMAIL"        default:"pipeline@gitness.io"`
 		}
 		// Admin defines the principal information used to create the admin user.
-		// NOTE: The admin user is only auto-created in case a password is provided.
+		// NOTE: The admin user is only auto-created in case a password and an email is provided.
 		Admin struct {
 			UID         string `envconfig:"GITNESS_PRINCIPAL_ADMIN_UID"           default:"admin"`
 			DisplayName string `envconfig:"GITNESS_PRINCIPAL_ADMIN_DISPLAY_NAME"  default:"Administrator"`
-			Email       string `envconfig:"GITNESS_PRINCIPAL_ADMIN_EMAIL"         default:"admin@gitness.io"`
+			Email       string `envconfig:"GITNESS_PRINCIPAL_ADMIN_EMAIL"`    // No default email
 			Password    string `envconfig:"GITNESS_PRINCIPAL_ADMIN_PASSWORD"` // No default password
 		}
 	}