fix(notifiarr): Fix inability to change auth settings (#15294)

**Description**  Notifiarr treats env as a higher priority than its config file. Therefore, by setting the `DN_UI_PASSWORD` the user is not able to change the password or auth method via the Notifiarr UI. However, Notifiarr also generates a random password on the first run, which is stored in its config file. Therefore, if the `DB_UI_PASSWORD` env is not set the user will be expected to input the randomly generated password. To obtain it, the user must remember to inspect the logs on the first run of the app. To avoid this, I have added a simple init container that creates an empty config file (containing only a comment). This prevents Notifiarr from generating a new config file and thus a random password. When the config file is present but no password is set in it, Notifiarr accepts logins with the username of `admin` and the value of the `DN_API_KEY` env as the password. ⚒️ Fixes #  **⚙️ Type of change** - [ ] ⚙️ Feature/App addition - [X] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code **🧪 How Has This Been Tested?**  Deployed via helm and tried to log in with the set API key. Then, I tried setting a password and changing the auth method. **📃 Notes:**  Note: Now that the `DB_UI_PASSWORD` env is not set anymore, the will be expected to log in with the password that is stored in the config file. If they haven't tried to change it via the UI, that password will be the randomly generated one on the first run of the app. Because of this, I am wondering if we should flag this update as breaking instead of as just a fix? **✔️ Checklist:** - [X] ⚖️ My code follows the style guidelines of this project - [X] 👀 I have performed a self-review of my own code - [X] #️⃣ I have commented my code, particularly in hard-to-understand areas - [X] 📄 I have made corresponding changes to the documentation - [X] ⚠️ My changes generate no new warnings - [X] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [X] ⬆️ I increased versions for any altered app according to semantic versioning **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --------- Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
2023-12-08 23:21:35 +00:00 · 2023-12-08 23:21:35 +00:00 · 3e6a610508
parent d95230d8f9
commit 3e6a610508
4 changed files with 73 additions and 27 deletions
--- a/charts/stable/notifiarr/Chart.yaml
+++ b/charts/stable/notifiarr/Chart.yaml
@ -1,7 +1,7 @@
 kubeVersion: ">=1.24.0"
 apiVersion: v2
 name: notifiarr
-version: 1.0.11
+version: 1.0.12
 appVersion: 0.7.0
 description:
  This is the unified client for Notifiarr.com. The client enables content
--- a/charts/stable/notifiarr/docs/how-to.md
+++ b/charts/stable/notifiarr/docs/how-to.md
@ -0,0 +1,34 @@
+# Setup Guide
+
+## Requirements
+
+- Your 'All integrations' API key from your account on `notifiarr.com`
+- Installation of the TrueCharts Catalog, starting [here](https://truecharts.org/manual/SCALE/guides/getting-started#adding-truecharts)
+
+## Install Notifiarr inside TrueNAS SCALE
+
+- Select `Apps` inside the `TrueNAS` menu,
+- Then choose the `Available Applications` tab,
+- and search for `notifiarr`
+
+- Click the Install button, and you’ll be prompted to set up Notifiarr.
+- Most of the settings can be left at the default values, but ensure to add in your API key
+- Take note of the default port (5454) that **Notifiarr** is listening on.
+
+## Notifiarr Initial Setup
+
+For your first time log in, use the username `admin` and the API key you configured as the password.
+
+After you log in, navigate to **`admin` -> `Profile`**. Input your API key as the current password and type in a new password in the new password field. Save your changes.
+
+:::danger
+
+Create a new password right away and do not share your API key (or password) with anyone unless you absolutely, 100%, trust them!
+
+:::
+
+## Support
+
+- You can also reach us using [Discord](https://discord.gg/tVsPTHWTtr) for real-time feedback and support
+- If you found a bug in our chart, open a Github [issue](https://github.com/truecharts/apps/issues/new/choose)
+- For further information on operating **Notifiarr** itself, start with their [Quick Start Guide](https://notifiarr.wiki/en/QuickStart).
--- a/charts/stable/notifiarr/questions.yaml
+++ b/charts/stable/notifiarr/questions.yaml
@ -21,7 +21,11 @@ questions:
      attrs:
        - variable: apikey
          label: Notifiarr All API Key
-          description: Notifiarr All Integrations API key from https://notifiarr.com
+          description: |
+            Notifiarr All Integrations API key from https://notifiarr.com</br>
+            NOTE: Use 'admin' as username and your API key as the password</br>
+            for your first-time login credentials.</br>
+            After login you must change your password from the UI.
          schema:
            type: string
            default: ""
@ -41,26 +45,6 @@ questions:
                  type: string
                  default: ""
                  required: true
-        - variable: credentials
-          label: Web UI Credentials
-          schema:
-            additional_attrs: true
-            type: dict
-            attrs:
-              - variable: username
-                label: Web UI Username
-                description: Default username is admin. Change it here.
-                schema:
-                  type: string
-                  default: ""
-                  required: true
-              - variable: password
-                label: Web UI Password
-                description: Set a first time login password (minimum 9 characters) & change the password from the Web UI to encrypt it. If you don't set this you will need to check the logs on first start to find the generated password.
-                schema:
-                  type: string
-                  default: ""
-                  required: true
 # Include{containerConfig}
 # Include{podOptions}
 # Include{serviceRoot}
--- a/charts/stable/notifiarr/values.yaml
+++ b/charts/stable/notifiarr/values.yaml
@ -3,12 +3,12 @@ image:
  pullPolicy: IfNotPresent
  tag: 0.7.0@sha256:5080028cabe9169a84ebfeab0d38df1496a56965fa72a1072397e13dac5cf9bc
 notifiarr:
+  # This will be your password for your first-time login.
+  # Use the username 'admin' and the API key as password to log in.
+  # After login you must change your password from the UI
  apikey: "test"
  upstreams:
    - 172.16.0.0/16
-  credentials:
-    username: ""
-    password: ""
 service:
  main:
    ports:
@ -18,6 +18,30 @@ service:
 workload:
  main:
    podSpec:
+      initContainers:
+        init-conf:
+          enabled: true
+          # We run it on every boot just in case an upgrade (or the user)
+          # manages to nuke the config file
+          type: init
+          imageSelector: alpineImage
+          command: /bin/sh
+          # This script creates an (almost) empty config file with the aim to prevent
+          # Notifiarr from generating a default password.
+          # When no default password is generated the configured API key and a default
+          # username ('admin') are used for logging in.
+          args:
+            - -c
+            - |
+              export CONF={{ printf "%s/notifiarr.conf" .Values.persistence.config.targetSelector.main.main.mountPath }}
+
+              test -f "$CONF" && echo "Config exists, skipping creation..." && exit 0
+
+              echo "Creating a minimal config in [$CONF]..."
+
+              echo "# Dummy comment" > "$CONF" || echo "Failed to create a minimal config..."
+
+              echo "Finished."
      containers:
        main:
          env:
@ -25,11 +49,15 @@ workload:
            DN_API_KEY: "{{ .Values.notifiarr.apikey }}"
            DN_BIND_ADDR: '{{ printf "0.0.0.0:%v" .Values.service.main.ports.main.port }}'
            DN_UPSTREAMS_0: '{{ join " " .Values.notifiarr.upstreams }}'
-            DN_UI_PASSWORD: '{{ printf "%v:%v" .Values.notifiarr.credentials.username .Values.notifiarr.credentials.password }}'
 persistence:
  config:
    enabled: true
-    mountPath: /config
+    targetSelector:
+      main:
+        main:
+          mountPath: /config
+        init-conf:
+          mountPath: /config
  machine-id:
    enabled: true
    type: hostPath