Description
We are trying to deploy Warpgate at a large scale, fully automated, so we want the full end-to-end setup to be Infrastructure-as-Code without manual steps, as it is part of an automated product that shouldn't require user interaction.
There are two logical ways to do a full Infrastructure-as-Code setup:
- Using the unattended-setup command from Warpgate
- Writing a warpgate.yaml config to file from cloud-init, and then running warpgate without doing the setup.
We are running into the issue that unattended-setup doesn't have the flexibility of the YAML config (for example, you can't set the TLS certificate path), while the manual config writing without running a setup doesn't set up any admin account I can use to get root access to then configure other accounts.
To do the setup now as IaC, we'd need to first set up a systemd unit to run the setup, and then run another systemd unit to overwrite the config.yaml, which is not a great setup. Ideally we'd like to either be able to set the TLS path in the setup, or be able to set up an initial user independently of the setup process. The second would be preferable as it's hard to keep the unattended-setup fully in-sync with the warpgate.yaml, so we'd prefer to just avoid the limited API of the setup command altogether.
Would it be possible to introduce a new command to the warpgate CLI to create an admin user without having to go through the setup or unattended-setup? Or allow the recovery command to create accounts if it's run against a non-existing account? Alternatively, it would also work for us if unattended-setup wouldn't fail if a warpgate.yaml config was already present. Basically, any method where we can first write the config, and then establish the admin user after.