Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

user secret not updated when creating cluster with default_user config #1018

Open
heimdull opened this issue Apr 17, 2022 · 8 comments
Open

user secret not updated when creating cluster with default_user config #1018

heimdull opened this issue Apr 17, 2022 · 8 comments
Assignees
@Zerpet
Labels
enhancement New feature or request never-stale Issue or PR marked to never go stale

Comments

@heimdull
Copy link

Describe the bug

When using the default_user/default_pass the kubernetes secret is not updated. When using the messaging-topology-operator with a set default_user you will get a 401 because it looks at the secret.

To Reproduce

Steps to reproduce the behavior:
deploy cluster with this additionalConfig:

spec:
rabbitmq:
additionalConfig: |
default_user=guest
default_pass=guest

Expected behavior
secret is used by other operators so it needs to be updated

Version and environment information

latest operator
@heimdull heimdull added the bug Something isn't working label Apr 17, 2022
@ChunyiLyu ChunyiLyu removed the bug Something isn't working label Apr 26, 2022
@ChunyiLyu
Copy link
Contributor

ChunyiLyu commented Apr 26, 2022
edited
Loading

@heimdull This is a known limitation with the operator. I could treat this as a feature request and discuss with the rest of the team.

Meanwhile, for a workaround, you could either update the secret manually yourself after the rmq is created. Alternatively, you can create a default user secret first with the expected username and password before you create the rabbitmqcluster. For example, if your rabbitmqcluster name is sample, you can create a secret, in the same namespace called sample-default-user:

apiVersion: v1
kind: Secret
metadata:
  name: sample-default-user
type: Opaque
stringData:
  username: guest-user
  password: guest-pass
  default_user.conf: |
    default_user = guest-user
    default_pass = guest-pass

Then you can create the rabbitmqcluster. There is no need to set the username&password in the rmq manifest with this approach.

@ChunyiLyu ChunyiLyu self-assigned this Apr 26, 2022
@ablease ablease added the blocked Waiting on other work or on 3rd party. label May 3, 2022
@ablease
Copy link
Contributor

ablease commented May 3, 2022

Waiting for response from issue creator, was this workaround suitable for them?

@heimdull
Copy link
Author

heimdull commented May 3, 2022

This works for us. After discovering your other operator that could create users we used that to generate the users we needed.

@ChunyiLyu
Copy link
Contributor

@heimdull thanks for replying. I will close this issue for now.

@lukebakken lukebakken mentioned this issue Apr 22, 2024
Closed
@lukebakken lukebakken reopened this Apr 22, 2024
@lukebakken
Copy link
Contributor

Re-opening so that this feature can be planned at some point.

@Zerpet Zerpet assigned Zerpet and unassigned ChunyiLyu Apr 22, 2024
@Zerpet Zerpet added enhancement New feature or request and removed blocked Waiting on other work or on 3rd party. labels Apr 22, 2024
@piotrlaczykowski
Copy link

Re-opening so that this feature can be planned at some point.

It would be nice

@Zerpet Zerpet added the never-stale Issue or PR marked to never go stale label May 29, 2024
@winston0410
Copy link

@heimdull This is a known limitation with the operator. I could treat this as a feature request and discuss with the rest of the team.

Meanwhile, for a workaround, you could either update the secret manually yourself after the rmq is created. Alternatively, you can create a default user secret first with the expected username and password before you create the rabbitmqcluster. For example, if your rabbitmqcluster name is sample, you can create a secret, in the same namespace called sample-default-user:

apiVersion: v1
kind: Secret
metadata:
  name: sample-default-user
type: Opaque
stringData:
  username: guest-user
  password: guest-pass
  default_user.conf: |
    default_user = guest-user
    default_pass = guest-pass

Then you can create the rabbitmqcluster. There is no need to set the username&password in the rmq manifest with this approach.

Is it possible that the CRD accept the secret instead, say in spec.cluster.defaultUserConfig, instead of relying on the name of the secret? For using tools like Kustomize, that would generate hash for secret based on its content, having that option would allow us to link the secret with the CRD properly.

@Zerpet
Copy link
Collaborator

Zerpet commented Oct 29, 2024

We can't support a Secret instead of the in-lined config without breaking changes, or without additional complexity e.g. what happens when default user/pass and a default user config secret are provided?

I will keep this issue to address the problem described by the OP. When default user/pass is present in additionalConfig, those values will be injected in the generated Secret for default user and password.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Zerpet Zerpet

Labels
enhancement New feature or request never-stale Issue or PR marked to never go stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@heimdull @lukebakken @Zerpet @ChunyiLyu @ablease @winston0410 @piotrlaczykowski