Conversation
There was a problem hiding this comment.
Pull request overview
This PR continues the 2.0.0 migration of runtime configuration into the database by removing remaining config/env-based fields and adjusting startup/test/dev flows to rely on DB-backed Settings.
Changes:
- Removes
grpc_urlfrom the settings DB migration and from theSettingsmodel/config mapping. - Changes secret key generation/ensuring logic and adds config→settings mapping tests (including deriving
webauthn_rp_idfromdefguard_url). - Updates integration tests and dev env initialization to no longer rely on
default_admin_passwordfrom config.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| migrations/20260227091211_[2.0.0]_settings_in_db.up.sql | Stops adding grpc_url to settings. |
| migrations/20260227091211_[2.0.0]_settings_in_db.down.sql | Stops dropping grpc_url on rollback. |
| crates/defguard_core/tests/integration/common.rs | Seeds DB settings for tests (secret key + rp id) and changes initialize_users signature. |
| crates/defguard_core/tests/integration/api/common/mod.rs | Updates call site for initialize_users. |
| crates/defguard_core/tests/integration/api/acl.rs | Updates call site for initialize_users. |
| crates/defguard_core/src/lib.rs | Hardcodes dev env admin password and documents it in the header comment. |
| crates/defguard_core/src/enterprise/directory_sync/tests.rs | Updates admin user initialization to use a fixed password. |
| crates/defguard_common/src/db/models/settings.rs | Removes grpc_url, updates secret key generation/ensuring, refactors config mapping, and adds tests. |
| crates/defguard_common/src/config.rs | Removes default_admin_password and grpc_url from config. |
| crates/defguard/src/main.rs | Updates startup call to Settings::ensure_secret_key (no config param). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| User::init_admin_user(pool, config.default_admin_password.expose_secret()) | ||
| .await | ||
| .unwrap(); | ||
| pub(crate) async fn initialize_users(pool: &PgPool) { |
There was a problem hiding this comment.
initialize_users signature changed to only take pool, but there is still at least one call site using the old (pool, &config) signature (e.g. crates/defguard_core/tests/integration/grpc/common/mod.rs:135). This will break compilation of the integration test suite unless all call sites are updated (or the old signature is retained).
| pub(crate) async fn initialize_users(pool: &PgPool) { | |
| pub(crate) async fn initialize_users(pool: &PgPool, _config: &DefGuardConfig) { |
|
|
||
| // initialize admin user | ||
| User::init_admin_user(&pool, config.default_admin_password.expose_secret()) | ||
| User::init_admin_user(&pool, "pass123") |
There was a problem hiding this comment.
init_dev_env now hardcodes the admin password to pass123. Since this function is callable via the InitDevEnv command, a user running it against the wrong database would create an account with a known weak password. Consider requiring an explicit password argument/flag for the subcommand, or generating a random password and printing it, rather than embedding a fixed default.
| User::init_admin_user(&pool, "pass123") | |
| let admin_password = std::env::var("DEFGUARD_DEV_ADMIN_PASSWORD") | |
| .expect("Environment variable DEFGUARD_DEV_ADMIN_PASSWORD must be set to initialize the dev admin user"); | |
| User::init_admin_user(&pool, &admin_password) |
| // Certificate and key for gRPC communication over HTTPS. | ||
| // Kept in runtime config for backwards compatibility - workers still use this. | ||
| #[arg(long, env = "DEFGUARD_GRPC_CERT")] | ||
| pub grpc_cert: Option<String>, | ||
| #[arg(long, env = "DEFGUARD_GRPC_KEY")] | ||
| pub grpc_key: Option<String>, | ||
|
|
||
| #[arg( | ||
| long, | ||
| env = "DEFGUARD_DEFAULT_ADMIN_PASSWORD", | ||
| default_value = "pass123" | ||
| )] | ||
| #[serde(skip_serializing)] | ||
| // TODO: Deprecate this, since we have initial setup now. | ||
| // We use it in some dev/test scenarios still so the approach will need to be changed there. | ||
| pub default_admin_password: SecretString, | ||
|
|
||
| #[arg(long, env = "DEFGUARD_OPENID_KEY", value_parser = Self::parse_openid_key)] | ||
| #[serde(skip_serializing)] | ||
| pub openid_signing_key: Option<RsaPrivateKey>, |
There was a problem hiding this comment.
This change removes support for DEFGUARD_DEFAULT_ADMIN_PASSWORD in DefGuardConfig, but other repository assets still reference it (e.g. CONTRIBUTING.md and docker-compose.e2e.yaml). Please update those references (and clarify the new supported way to set the initial admin password) to avoid confusing/broken deployment and e2e setups.
…t but invalid Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Related issue: #2140