(feat) Support for creating users on cluster init

[utdrmac]

Resolves #36

This feature allows for the creation of Valkey users on cluster initialization. The feature abstracts Valkey ACL permissions into several objects, giving better readability, and creation flexibility to users that may not be intimately familiar with Valkey ACLs.

[utdrmac]

e2e tests pass in my local kind cluster

=== RUN   TestE2E
  Starting valkey-operator e2e test suite
Running Suite: e2e suite - /home/utdrmac/dockers/valkey-operator/test/e2e
=======================================================================
Random Seed: 1770743918

Will run 10 of 10 specs
------------------------------
...
Ran 10 of 10 Specs in 135.056 seconds
SUCCESS! -- 10 Passed | 0 Failed | 0 Pending | 0 Skipped
--- PASS: TestE2E (135.06s)
PASS
ok  	valkey.io/valkey-operator/test/e2e	135.065s
make cleanup-test-e2e
...

[utdrmac]

K8S holds on to events for an extended period of time, even after a cluster is deleted. This call to purge events was added because subsequent e2e tests would fail if a previous test failed due to the e2e test fetching all events.

[bjosv]

Good catch. We could move it to valkeycluster_test.go to have it close to where its needed.
This is also the only testcase/context where we use involvedObject.name=valkeycluster-sample.
I guess it needs to be in a BeforeEach instead then.

[utdrmac]

The golangci-lint was only ran during github e2e tests, and it was frustrating for this to fail remotely. Simple change to check this locally first.

[utdrmac]

I added some comments for 2 changes outside the scope of the PR.

[jdheyburn]

This is great to see, thank you for putting the time in! Just left some comments for clarity

[sandeepkunusoth]

i think passwordEnabled or enabledPassword would be good naming here instead of NoPassword. Also i am not sure this is general use case of having nopass attached to user. if they really want to acheieve this they can always use rawacl.

[jdheyburn]

It might not be general or recommended, but if Valkey exposes it as an option it might be useful to abstract it away.

https://valkey.io/topics/acl/#configure-acls-with-the-acl-command

This boolean is used in the PR in a few places. If we were to remove NoPassword here, would we change those conditions to be 'nopass' in RawAcl (pseudocode) ?

[utdrmac]

I think the idea was since the ACL keyword is nopass then this follows-ish 1:1. Since the default is false if not specified, is there a strong reason to remove it? As the code is now, if removed, then passwords are always searched for even in a nopass=true case. The code would then need to check rawAcl for presence of nopass to achieve same logic.

[jdheyburn]

I think we're almost there with this PR, just pending @sandeepkunusoth approval from their remaining comments

[bjosv]

Good catch. We could move it to valkeycluster_test.go to have it close to where its needed.
This is also the only testcase/context where we use involvedObject.name=valkeycluster-sample.
I guess it needs to be in a BeforeEach instead then.

[bjosv]

Interesting that this isn't showing in CI, our current main (given by kubebuilder) uses

make lint            
...
Downloading github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.7.2
0 issues.

which is using
go: downloading github.com/alexkohler/prealloc v1.0.0

Is this seen with newer versions of golangci-lint/prealloc?

[utdrmac]

Must be. I'm using golangci-lint has version 2.8.0 built with go1.25.5

[bjosv]

LGTM, my previous comments are nits

[utdrmac]

Resolved conflict with c679809

[jdheyburn]

@utdrmac I think there is a bad merge pulling in some functions that no longer exist. Would you mind double checking to see what can be removed? Once that's done I'll approve and merge. Thanks again!