cli: allow for cockroach demo to start in secure mode

[rohany]

Fixes #45607.

Release note (cli change): This PR adds support for cockroach demo
to start in secure mode using the flag --insecure=false.

[cockroach-teamcity]

This change is 

[rohany]

cc @knz, this is a draft. I'm running into a problem where it seems to be working when I run on the CLI, but it fails during cluster setup in the Example_* tests. Does anything appear to standout as missing/wrong?

[knz]

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @knz and @rohany)

---

pkg/cli/cli_test.go, line 417 at r1 (raw file):

	setCLIDefaultsForTests()
	for _, cmd := range testData {
		c.RunWithArgs(cmd)

Look at the code for RunWithArgs. It tries to be to clever and synthetizes extra arguments --insecure / --certs-dir and injects them into your demo commands. Is that maybe what causes the failure?
If you can't figure it out, please ping me and we can sit together to troubleshoot.

[rohany]

Yuck -- after a while I was able to narrow this down to the dummy asset loader set by the security test init.

[rohany]

A downside of this is that you now need to login/create a user to access the admin UI

[awoods187]

What is the motivation for this? Demo isn't meant for production applications and anything that puts friction into trial seems to be a mistake. I'd be fine for an option to start demo in secure to test that process out but why is it proposed as the default?

[knz]

What is the motivation for this?

The motivation for this comes from docs and IAM (talk to nate):

• cockroach demo does not enable teaching about SQL privileges (all privilege checking is disabled in insecure mode)
• cockroach demo does not enable teaching about roles (all role checking is disabled in insecure mode)
• cockroach demo does not enable teaching about multiple users (disabled in insecure mode)

If we want to have a good alignment between our docs, which teach about security, and cockroach demo, which is used to try docs out, demo needs to work like the secure thing.

[knz]

A downside of this is that you now need to login/create a user to access the admin UI

No. Please have cockroach demo auto-populate a password for the root user so they can log in in the UI. Make the root user have password admin and also print a reminder on the terminal when demo starts.

[jordanlewis]

To Andy's point, I'm only okay with this if it doesn't add any more hoops for the user to jump through to get a regular demo session. Demo just has to be a one-click, simple way to get started w/ both CLI and admin ui, please!

[rohany]

Ok, let me add the default user/password.

@jordanlewis this change doesn't affect the UX at all -- ./cockroach demo just starts a secure cluster without anything extra to do.

[rohany]

Discussed this at standup today with @awoods187 and @jordanlewis and I think it would be better to have demo have an opt-in secure mode, rather than secure by default. One of the reasons is that it is harder to use the admin UI -- you have to click through the certificate warning page and login, vs the admin UI just opening.

[knz]

ok with making this opt-in in 20.1 because of the cert warning in UI

But we can solve this (after 20.1) too and make secure default. The solution is to have the UI served in a non-SSL conn even though the cluster is secure. This feature/option is already planned for 20.2.

[rohany]

Updated the pr to:

• give the root user a password to login to the webui and notify the user about this
• use the flag --insecure=false to start cockroach demo in secure mode (to be in parity with other commands that use the --insecure flag.

[knz]

i'll review tomorrow at the earliest

[knz]

well done

Reviewed 7 of 7 files at r2.
Reviewable status: complete! 1 of 0 LGTMs obtained

[rohany]

bors r=knz

[craig]

Merge conflict (retrying...)

[craig]

Canceled (will resume)

[knz]

bors r-

[craig]

Canceled