Add support for no-check flag in setup command (#8591)

* Add support for no-check flag in setup command - Added a new flag --no-check to the setup command to skip checking if setup is already complete. - This flag is useful when the setup process is already known to be complete and skipping the check can handle migration from diffrent auth type. * Add instructions for migrate from OSS to lakeFS Enterprise - Provided a command to execute for setting up lakeFS with credentials. - Noted that the new lakeFS instance remains inaccessible until full setup completion. * Update cmd/lakefs/cmd/setup.go Co-authored-by: isan_rivkin <[email protected]> * Update pkg/auth/metadata.go Co-authored-by: isan_rivkin <[email protected]> * Update setup logic for lakeFS - Added checks to verify if setup is already complete or comm preferences are set. * Update docs/enterprise/getstarted/migrate-from-oss.md Co-authored-by: isan_rivkin <[email protected]> --------- Co-authored-by: isan_rivkin <[email protected]>
treeverse · Feb 5, 2025 · 6914718 · 6914718
1 parent f7ba626
commit 6914718
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 21 deletions.
diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go
@@ -241,7 +241,7 @@ var runCmd = &cobra.Command{
 		if (kvParams.Type == local.DriverName || kvParams.Type == mem.DriverName) &&
 			baseCfg.Installation.UserName != "" && baseCfg.Installation.AccessKeyID.SecureValue() != "" && baseCfg.Installation.SecretAccessKey.SecureValue() != "" {
 			setupCreds, err := setupLakeFS(ctx, baseCfg, authMetadataManager, authService, baseCfg.Installation.UserName,
-				baseCfg.Installation.AccessKeyID.SecureValue(), baseCfg.Installation.SecretAccessKey.SecureValue())
+				baseCfg.Installation.AccessKeyID.SecureValue(), baseCfg.Installation.SecretAccessKey.SecureValue(), false)
 			if err != nil {
 				logger.WithError(err).WithField("admin", baseCfg.Installation.UserName).Fatal("Failed to initial setup environment")
 			}
@@ -536,10 +536,10 @@ const localBanner = `
 
 var quickStartBanner = fmt.Sprintf(`
 │
-│ lakeFS running in quickstart mode. 
+│ lakeFS running in quickstart mode.
 │     Login at http://127.0.0.1:8000/
 │
-│     Access Key ID    : %s 
+│     Access Key ID    : %s
 │     Secret Access Key: %s
 │
 `, config.DefaultQuickstartKeyID, config.DefaultQuickstartSecretKey)

diff --git a/cmd/lakefs/cmd/setup.go b/cmd/lakefs/cmd/setup.go
@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 
@@ -60,6 +61,12 @@ var setupCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
+		noCheck, err := cmd.Flags().GetBool("no-check")
+		if err != nil {
+			fmt.Printf("no-check: %s\n", err)
+			os.Exit(1)
+		}
+
 		var authService auth.Service
 		kvStore, err := kv.Open(ctx, kvParams)
 		if err != nil {
@@ -74,7 +81,7 @@ var setupCmd = &cobra.Command{
 		cloudMetadataProvider := stats.BuildMetadataProvider(logger, cfg)
 		metadata := stats.NewMetadata(ctx, logger, cfg.Blockstore.Type, authMetadataManage, cloudMetadataProvider)
 
-		credentials, err := setupLakeFS(ctx, cfg, authMetadataManage, authService, userName, accessKeyID, secretAccessKey)
+		credentials, err := setupLakeFS(ctx, cfg, authMetadataManage, authService, userName, accessKeyID, secretAccessKey, noCheck)
 		if err != nil {
 			fmt.Printf("Setup failed: %s\n", err)
 			os.Exit(1)
@@ -100,17 +107,32 @@ var setupCmd = &cobra.Command{
 	},
 }
 
-func setupLakeFS(ctx context.Context, cfg *config.BaseConfig, metadataManager auth.MetadataManager, authService auth.Service, userName string, accessKeyID string, secretAccessKey string) (*model.Credential, error) {
-	initialized, err := metadataManager.IsInitialized(ctx)
-	if err != nil || initialized {
-		// return on error or if already initialized
-		return nil, err
+func setupLakeFS(ctx context.Context, cfg *config.BaseConfig, metadataManager auth.MetadataManager, authService auth.Service, userName string, accessKeyID string, secretAccessKey string, noSetupCheck bool) (*model.Credential, error) {
+	var (
+		err            error
+		isCommPrefsSet = false
+	)
+	if noSetupCheck {
+		// check if we already set comm preferences, we like to skip reset in case we already set it
+		isCommPrefsSet, err = metadataManager.IsCommPrefsSet(ctx)
+		if err != nil && !errors.Is(err, auth.ErrNotFound) {
+			return nil, fmt.Errorf("check comm prefs: %w", err)
+		}
+	} else {
+		// check if already initialized
+		initialized, err := metadataManager.IsInitialized(ctx)
+		if err != nil || initialized {
+			// we return nil credentials to indicate setup is already complete
+			return nil, err
+		}
 	}
 
-	// mark comm prefs was not provided
-	_, err = metadataManager.UpdateCommPrefs(ctx, nil)
-	if err != nil {
-		return nil, fmt.Errorf("update comm prefs: %w", err)
+	if !isCommPrefsSet {
+		// mark comm prefs was not provided
+		_, err := metadataManager.UpdateCommPrefs(ctx, nil)
+		if err != nil {
+			return nil, fmt.Errorf("update comm prefs: %w", err)
+		}
 	}
 
 	// populate initial data and create admin user
@@ -130,6 +152,7 @@ func init() {
 	f.String("user-name", "", "an identifier for the user (e.g. \"jane.doe\")")
 	f.String("access-key-id", "", "AWS-format access key ID to create for that user (for integration)")
 	f.String("secret-access-key", "", "AWS-format secret access key to create for that user (for integration)")
+	f.Bool("no-check", false, "skip checking if setup is already complete and do anyway")
 	if err := f.MarkHidden("access-key-id"); err != nil {
 		// (internal error)
 		_, _ = fmt.Fprint(os.Stderr, err)

diff --git a/docs/enterprise/getstarted/migrate-from-oss.md b/docs/enterprise/getstarted/migrate-from-oss.md
@@ -22,6 +22,12 @@ To migrate from lakeFS Open Source to lakeFS Enterprise, follow the steps below:
    1. You should expect to see a log message saying Migration completed successfully.
    1. During this short db migration process please make sure not to make any policy / RBAC related changes.
 1. Once the migration completed - Upgrade your helm release with the modified `values.yaml` and the new version and run `helm ugprade`.
+1. Login to the new lakeFS pod: Execute the following command, make sure you have proper credentials, or discard to get new ones:
+   ```shell
+   lakefs setup --user-name <admin> --access-key-id <key> --secret-access-key <secret> --no-check
+   ```
+{: .warning }
+>Please note that the newly set up lakeFS instance remains inaccessible to users until full setup completion, due to the absence of established credentials within the system.
 
 [lakefs-enterprise-install]: {% link enterprise/getstarted/install.md %}
 [lakefs-enterprise-install-prerequisites]: {% link enterprise/getstarted/install.md %}#prerequisites
diff --git a/pkg/auth/metadata.go b/pkg/auth/metadata.go
@@ -19,6 +19,7 @@ import (
 const (
 	InstallationIDKeyName  = "installation_id"
 	SetupTimestampKeyName  = "setup_timestamp"
+	SetupAuthTypeKeyPrefix = "setup_auth_"
 	CommPrefsSetKeyName    = "comm_prefs_set"
 	EmailKeyName           = "encoded_user_email"
 	FeatureUpdatesKeyName  = "feature_updates"
@@ -47,7 +48,7 @@ type MetadataManager interface {
 	GetSetupState(ctx context.Context) (SetupStateName, error)
 	UpdateCommPrefs(ctx context.Context, commPrefs *CommPrefs) (string, error)
 	IsCommPrefsSet(ctx context.Context) (bool, error)
-	UpdateSetupTimestamp(context.Context, time.Time) error
+	UpdateSetupTimestamp(ctx context.Context, setupTime time.Time, authType string) error
 	GetMetadata(context.Context) (map[string]string, error)
 }
 
@@ -170,10 +171,13 @@ func (m *KVMetadataManager) writeMetadata(ctx context.Context, items map[string]
 	return nil
 }
 
-func (m *KVMetadataManager) UpdateSetupTimestamp(ctx context.Context, ts time.Time) error {
-	return m.writeMetadata(ctx, map[string]string{
-		SetupTimestampKeyName: ts.UTC().Format(time.RFC3339),
-	})
+func (m *KVMetadataManager) UpdateSetupTimestamp(ctx context.Context, setupTime time.Time, authType string) error {
+	setupTimeStr := setupTime.UTC().Format(time.RFC3339)
+	items := map[string]string{
+		SetupTimestampKeyName: setupTimeStr,
+	}
+	items[SetupAuthTypeKeyPrefix+authType] = setupTimeStr
+	return m.writeMetadata(ctx, items)
 }
 
 // UpdateCommPrefs - updates the comm prefs metadata.

diff --git a/pkg/auth/setup/setup.go b/pkg/auth/setup/setup.go
@@ -218,7 +218,7 @@ func CreateInitialAdminUser(ctx context.Context, authService auth.Service, cfg *
 	return CreateInitialAdminUserWithKeys(ctx, authService, cfg, metadataManger, username, nil, nil)
 }
 
-func CreateInitialAdminUserWithKeys(ctx context.Context, authService auth.Service, cfg *config.BaseConfig, metadataManger auth.MetadataManager, username string, accessKeyID *string, secretAccessKey *string) (*model.Credential, error) {
+func CreateInitialAdminUserWithKeys(ctx context.Context, authService auth.Service, cfg *config.BaseConfig, metadataManager auth.MetadataManager, username string, accessKeyID *string, secretAccessKey *string) (*model.Credential, error) {
 	adminUser := &model.SuperuserConfiguration{
 		User: model.User{
 			CreatedAt: time.Now(),
@@ -243,10 +243,11 @@ func CreateInitialAdminUserWithKeys(ctx context.Context, authService auth.Servic
 		return nil, err
 	}
 
-	// update setup timestamp
-	if err = metadataManger.UpdateSetupTimestamp(ctx, time.Now()); err != nil {
+	// update setup time with auth type used
+	if err = metadataManager.UpdateSetupTimestamp(ctx, time.Now(), cfg.Auth.UIConfig.RBAC); err != nil {
 		logging.FromContext(ctx).WithError(err).Error("Failed the update setup timestamp")
 	}
+
 	return cred, err
 }