Make server session secret configurable

Andrew Farries · roboquat · commit e05f0152284c · 2022-04-13T19:24:26.000+05:30
Default to the existing default value, but allow the value to be
overriden by a new experimental config value.
diff --git a/install/installer/pkg/components/server/configmap.go b/install/installer/pkg/components/server/configmap.go
@@ -40,6 +40,14 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 		return nil
 	})
 
+	sessionSecret := "Important!Really-Change-This-Key!"
+	_ = ctx.WithExperimental(func(cfg *experimental.Config) error {
+		if cfg.WebApp != nil && cfg.WebApp.Session.Secret != "" {
+			sessionSecret = cfg.WebApp.Session.Secret
+		}
+		return nil
+	})
+
 	// todo(sje): all these values are configurable
 	scfg := ConfigSerialized{
 		Version:               ctx.VersionManifest.Version,
@@ -60,7 +68,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 		},
 		Session: Session{
 			MaxAgeMs: 259200000,
-			Secret:   "Important!Really-Change-This-Key!", // todo(sje): how best to do this?
+			Secret:   sessionSecret,
 		},
 		DefinitelyGpDisabled: ctx.Config.DisableDefinitelyGP,
 		WorkspaceGarbageCollection: WorkspaceGarbageCollection{
diff --git a/install/installer/pkg/config/v1/experimental/experimental.go b/install/installer/pkg/config/v1/experimental/experimental.go
@@ -59,6 +59,9 @@ type WebAppConfig struct {
 	OAuthServer struct {
 		JWTSecret string `json:"jwtSecret"`
 	} `json:"oauthServer"`
+	Session struct {
+		Secret string `json:"secret"`
+	} `json:"session"`
 }
 
 type PublicAPIConfig struct {

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,9 @@ type WebAppConfig struct {`
`59`	`59`	`OAuthServer struct {`
`60`	`60`	JWTSecret string `json:"jwtSecret"`
`61`	`61`	} `json:"oauthServer"`
	`62`	`+ Session struct {`
	`63`	+ Secret string `json:"secret"`
	`64`	+ } `json:"session"`
`62`	`65`	`}`
`63`	`66`
`64`	`67`	`type PublicAPIConfig struct {`