From b7f3de88bb51dc25379efbfc41b2247f3055c38a Mon Sep 17 00:00:00 2001
From: Erik Brakkee <erik@brakkee.org>
Date: Fri, 26 Jul 2024 21:11:40 +0200
Subject: [PATCH] Updated deployment with username and password settings.
 index.html template now also uses the configured password.

---
 cmd/converge/converge.go   |  4 ++++
 cmd/converge/fileserver.go |  1 +
 kubernetes/deployment.yaml |  6 ++++++
 static/index.html          | 13 +++++++------
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/cmd/converge/converge.go b/cmd/converge/converge.go
index dd3f78a..1faac26 100644
--- a/cmd/converge/converge.go
+++ b/cmd/converge/converge.go
@@ -81,11 +81,15 @@ func main() {
 	username, ok := os.LookupEnv("CONVERGE_USERNAME")
 	if ok {
 		userPassword.Username = username
+	} else {
+		os.Setenv("CONVERGE_USERNAME", userPassword.Username)
 	}
 
 	password, ok := os.LookupEnv("CONVERGE_PASSWORD")
 	if ok {
 		userPassword.Password = password
+	} else {
+		os.Setenv("CONVERGE_PASSWORD", userPassword.Password)
 	}
 
 	log.Printf("Using username '%s' and password '%s'", userPassword.Username, userPassword.Password)
diff --git a/cmd/converge/fileserver.go b/cmd/converge/fileserver.go
index 1d38bec..d011542 100644
--- a/cmd/converge/fileserver.go
+++ b/cmd/converge/fileserver.go
@@ -59,6 +59,7 @@ func (handler FileHandlerFilter) ServeHTTP(w http.ResponseWriter, r *http.Reques
 		// let the filehandler generate the rror
 		handler.fileHandler.ServeHTTP(w, r)
 	}
+	filters["username"], _ = os.LookupEnv("CONVERGE_USERNAME")
 	err = tmpl.Execute(w, filters)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml
index aa6d050..120a39c 100644
--- a/kubernetes/deployment.yaml
+++ b/kubernetes/deployment.yaml
@@ -21,5 +21,11 @@ spec:
         name: converge
         ports:
           - containerPort: 8000
+        env:
+          - name: CONVERGE_USERNAME
+            value: converge
+          - name: CONVERGE_PASSWORD
+            # change this password in your final deployment
+            value: "abc123"
        
 
diff --git a/static/index.html b/static/index.html
index 72c0fa6..5053d0a 100644
--- a/static/index.html
+++ b/static/index.html
@@ -117,8 +117,8 @@
                 </p>
 
                 <pre>
-    ssh -oServerAliveInterval=10 -oProxyCommand="wsproxy ws{{.secure}}://{{.host}}/client/ID"  abc@localhost
-    sftp -oServerAliveInterval=10 -oProxyCommand="wsproxy ws{{.secure}}://{{.host}}/client/ID" abc@localhost
+    ssh -oServerAliveInterval=10 -oProxyCommand="wsproxy ws{{.secure}}://{{.host}}/client/ID"  {{ .username }}@localhost
+    sftp -oServerAliveInterval=10 -oProxyCommand="wsproxy ws{{.secure}}://{{.host}}/client/ID" {{ .username }}@localhost
     </pre>
 
                 <h2>Local clients: using SSH with a local TCP forwarding proxy</h2>
@@ -142,15 +142,16 @@
                 </p>
 
                 <pre>
-    ssh -oServerAliveInterval=10 -p 10000 abc@localhost
-    sftp -oServerAliveInterval=10 -oPort=10000 abc@localhost
+    ssh -oServerAliveInterval=10 -p 10000 {{ .username }}@localhost
+    sftp -oServerAliveInterval=10 -oPort=10000 {{ .username }}@localhost
     </pre>
 
                 <h2>Authentication</h2>
 
                 <p>
-                    The <code>abc</code> user above is defined by the Converge server and
-                    communicated to the agent when the agent is started.
+                    The <code>{{ .username }}</code> user above the Converge server and
+                    communicated to the agent when the agent is started. This is the
+                    username that must be used when setting up an ssh connection.
                     Another way to authenticate is through an .authorized_keys file in the
                     same directory as where the agent is started.