// initBootstrapUser creates the initial admin user for the database, and sets
// the initial password.
func initBootstrapUser(st *state.State, passwordHash string) error {
logger.Debugf("adding admin user")
// Set up initial authentication.
u, err := st.AddUser("admin", "")
if err != nil {
return err
}
// Note that at bootstrap time, the password is set to
// the hash of its actual value. The first time a client
// connects to mongo, it changes the mongo password
// to the original password.
logger.Debugf("setting password hash for admin user")
// TODO(jam): http://pad.lv/1248839
// We could teach bootstrap how to generate a custom salt and apply
// that to the hash that was generated. At which point we'd need to set
// it here. For now, we pass "" so that on first login we will create a
// new salt, but the fixed-salt password is still available from
// cloud-init.
if err := u.SetPasswordHash(passwordHash, ""); err != nil {
return err
}
if err := st.SetAdminMongoPassword(passwordHash); err != nil {
return err
}
return nil
}