feat(shell): add alias to enable RBAC and GUI-auth

Kong · Mar 24, 2023 · 7ab8ace · 7ab8ace
1 parent 57259bf
commit 7ab8ace
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -811,6 +811,13 @@ The result should be a new PR on the Pongo repo.
 
 ---
 
+## 2.x.0 unreleased
+
+* Feat: add alias to enable authentication when in a Pongo shell
+  [#392](https://github.com/Kong/kong-pongo/pull/392).
+
+---
+
 ## 2.6.0 released 23-Mar-2023
 
 * Feat: Kong OSS 3.2.2

diff --git a/assets/Dockerfile b/assets/Dockerfile
@@ -16,6 +16,7 @@ COPY assets/pongo_pack.lua           /pongo/pongo_pack.lua
 COPY assets/kong_migrations_start.sh /pongo/kong_migrations_start.sh
 COPY assets/kong_start_dbless.sh     /pongo/kong_start_dbless.sh
 COPY assets/kong_export.sh           /pongo/kong_export.sh
+COPY assets/kong_setup_auth.sh       /pongo/kong_setup_auth.sh
 COPY assets/parse_git_branch.sh      /pongo/parse_git_branch.sh
 COPY assets/pongo_logo.sh            /pongo/pongo_logo.sh
 COPY assets/workspace_update.lua     /pongo/workspace_update.lua

diff --git a/assets/kong_migrations_start.sh b/assets/kong_migrations_start.sh
@@ -27,7 +27,7 @@ else
     if [ ! "$FILE_WSID" = "" ]; then
         echo "File contains workspaces, updating 'default' workspace uuid for import..."
         kong start
-        KONG_WSID=$(http :8001/workspaces/default | jq .id)
+        KONG_WSID=$(http :8001/workspaces/default "Kong-Admin-Token:$KONG_PASSWORD" | jq .id)
         kong stop
         echo "Rewriting file; replacing id of 'default' workspace '$FILE_WSID' with '$KONG_WSID'"
         lua /pongo/workspace_update.lua "$KONG_WSID" < "$IMPORT_FILE" > "/tmp/$KMS_FILENAME"

diff --git a/assets/kong_setup_auth.sh b/assets/kong_setup_auth.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+# ensure to source this file, not run it
+export KONG_ENFORCE_RBAC=on
+export KONG_ADMIN_GUI_AUTH=basic-auth
+export KONG_ADMIN_GUI_SESSION_CONF='{"secret":"pongo","storage":"kong","cookie_secure":false}'
+export KONG_ADMIN_GUI_URL=http://localhost:8002/
+
+echo "RBAC and GUI-auth have been enabled, restart Kong for it to take effect"
+echo "  GUI user: 'kong_admin'"
+echo "  GUI pwd : '$KONG_PASSWORD'"
+echo "  GUI url : '$KONG_ADMIN_GUI_URL'   (use 'pongo expose' to access the GUI from the host)"
+echo ""
+echo "The password should also to be used as 'Kong-Admin-Token' on API requests."
diff --git a/assets/pongo_entrypoint.sh b/assets/pongo_entrypoint.sh
@@ -133,6 +133,10 @@ fi
 if [ ! "$SUPPRESS_KONG_VERSION" = "true" ]; then
   if [ "$PONGO_COMMAND" = "shell" ]; then
     /pongo/pongo_logo.sh
+
+    # setup a password, only when in a shell, we do not want to risk it interfering
+    # with automated tests.
+    export KONG_PASSWORD="pongo"
   fi
   echo "Kong version: $(kong version)"
   echo ""

diff --git a/assets/pongo_profile.sh b/assets/pongo_profile.sh
@@ -9,17 +9,19 @@ alias kp='kong stop'
 alias kms='/pongo/kong_migrations_start.sh'
 alias kdbl='/pongo/kong_start_dbless.sh'
 alias kx='/pongo/kong_export.sh'
+alias kauth='. /pongo/kong_setup_auth.sh'
 
 # We want this to output without expanding variables
 # shellcheck disable=SC2016
 echo 'PS1="\[\e[00m\]\[\033[1;34m\][$PS1_KONG_VERSION:\[\e[91m\]$PS1_REPO_NAME\$(/pongo/parse_git_branch.sh)\[\033[1;34m\]:\[\033[1;92m\]\w\[\033[1;34m\]]$\[\033[00m\] "' >> /root/.bashrc
 
 echo ""
 echo "Get started quickly with the following aliases/shortcuts:"
-echo "  kms  - kong migrations start; wipe/initialize the database and start Kong clean,"
-echo "         importing declarative configuration if available."
-echo "  kdbl - kong start dbless; start Kong in dbless mode, requires a declarative configuration."
-echo "  ks   - kong start; starts Kong with the existing database contents (actually a restart)."
-echo "  kp   - kong stop; stop Kong."
-echo "  kx   - export the current Kong database to a declarative configuration file."
+echo "  kms   - kong migrations start; wipe/initialize the database and start Kong clean,"
+echo "          importing declarative configuration if available."
+echo "  kdbl  - kong start dbless; start Kong in dbless mode, requires a declarative configuration."
+echo "  ks    - kong start; starts Kong with the existing database contents (actually a restart)."
+echo "  kp    - kong stop; stop Kong."
+echo "  kx    - export the current Kong database to a declarative configuration file."
+echo "  kauth - setup authentication (RBAC and GUI-auth)."
 echo ""