Add a new value neo4j.passwordFromSecret
#118
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…sswordFromSecret Remove password failure test as it cannot be checked when user provides the secret
ojhughes
force-pushed
the
bugfix/secret-creation-data-race
branch
from
017d527
to
ab81ac0
Compare
ojhughes
changed the title
neo4j.passwordFromSecret
remove PVC patching as it logs an error
enys
reviewed
Nov 23, 2022
neo4j/templates/_helpers.tpl
Outdated
Comment on lines
102
to
104
| {{- if .Values.neo4j.passwordFromSecret -}} | ||
| {{- printf "$(kubectl get secret %s -o go-template='{{.data.NEO4J_AUTH | base64decode }}' | cut -d '/' -f2) " .Values.neo4j.passwordFromSecret -}} | ||
| {{- end -}} |
There was a problem hiding this comment.
Considering this was provided independently, do we really want to print it, and risk having it exposed in logs for example ?
There was a problem hiding this comment.
That's a good point. This only prints the command to run, not the actual value eg;
Your release "server1" has been installed in namespace "neo4j".
The neo4j user's password has been set to "$(kubectl get secret test-auth -o go-template='{{.data.NEO4J_AUTH | base64decode }}' | cut -d '/' -f2) ".To view the progress of the rollout try:
$ kubectl --namespace "neo4j" rollout status --watch --timeout=600s statefulset/server1
Once rollout is complete you can log in to Neo4j at "neo4j://server1.neo4j.svc.cluster.local:7687". Try:
$ kubectl run --rm -it --namespace "neo4j" --image "neo4j:5.1.0-enterprise" cypher-shell \
-- cypher-shell -a "neo4j://server1.neo4j.svc.cluster.local:7687" -u neo4j -p "$(kubectl get secret test-auth -o go-template='{{.data.NEO4J_AUTH | base64decode }}' | cut -d '/' -f2) "
There was a problem hiding this comment.
Indeed I read a bit fast the templating and got tricked by the comment in the description. Thanks !
harshitsinghvi22
approved these changes
Nov 24, 2022
harshitsinghvi22
requested changes
Nov 24, 2022
|
@harshitsinghvi22 thanks for the review, I made a few changes in response. |
bfeshti
approved these changes
Nov 24, 2022
harshitsinghvi22
approved these changes
Nov 24, 2022
|
hi colleagues, when can we get this on 4.4? |
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Deploying a cluster using tools such as Terraform or Argo leads to a data race where the Helm chart creates a secret for Neo4j auth. Add a new value
neo4j.passwordFromSecretso the user can provide the auth secret to be used. This is more secure and avoids the secret creation data race