user controller: allow definition of a username without password (#483)

rabbitmq · Nov 7, 2022 · 60556f8 · 60556f8
1 parent 4ce9927
commit 60556f8
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 1 deletion.
diff --git a/controllers/user_controller.go b/controllers/user_controller.go
@@ -13,6 +13,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+
 	topology "github.com/rabbitmq/messaging-topology-operator/api/v1beta1"
 	"github.com/rabbitmq/messaging-topology-operator/internal"
 	"github.com/rabbitmq/messaging-topology-operator/rabbitmqclient"
@@ -52,6 +53,15 @@ func (r *UserReconciler) declareCredentials(ctx context.Context, user *topology.
 		logger.Error(err, "failed to generate credentials")
 		return "", err
 	}
+	// Password wasn't in the provided input secret we need to generate a random one
+	if password == "" {
+		password, err = internal.RandomEncodedString(24)
+		if err != nil {
+			return "", fmt.Errorf("failed to generate random password: %w", err)
+		}
+
+	}
+
 	logger.Info("Credentials generated for User", "user", user.Name, "generatedUsername", username)
 
 	credentialSecret := corev1.Secret{
@@ -133,7 +143,7 @@ func (r *UserReconciler) importCredentials(ctx context.Context, secretName, secr
 	}
 	password, ok := credentialsSecret.Data["password"]
 	if !ok {
-		return "", "", fmt.Errorf("could not find password key in credentials secret: %s", credentialsSecret.Name)
+		return string(username), "", nil
 	}
 
 	logger.Info("Retrieved credentials from Secret", "secretName", secretName, "retrievedUsername", string(username))

diff --git a/system_tests/user_system_test.go b/system_tests/user_system_test.go
@@ -192,4 +192,56 @@ var _ = Describe("Users", func() {
 			Expect(generatedSecret.Data).To(HaveKeyWithValue("password", []uint8("-grace.hopper_9453$")))
 		})
 	})
+	When("providing a pre-defined username but autogenerated password", func() {
+		var credentialSecret corev1.Secret
+		BeforeEach(func() {
+			credentialSecret = corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "credential-list-secret",
+					Namespace: namespace,
+				},
+				Type: corev1.SecretTypeOpaque,
+				Data: map[string][]byte{
+					"some.irrelevant.key": []byte("some-useless-value"),
+					"username":            []byte("`got*special_ch$racter5"),
+				},
+			}
+			Expect(k8sClient.Create(ctx, &credentialSecret, &client.CreateOptions{})).To(Succeed())
+			user = &topology.User{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "user-2",
+					Namespace: namespace,
+				},
+				Spec: topology.UserSpec{
+					RabbitmqClusterReference: topology.RabbitmqClusterReference{
+						Name: rmq.Name,
+					},
+					ImportCredentialsSecret: &corev1.LocalObjectReference{
+						Name: credentialSecret.Name,
+					},
+				},
+			}
+		})
+		AfterEach(func() {
+			Expect(k8sClient.Delete(context.Background(), &credentialSecret)).ToNot(HaveOccurred())
+			Expect(k8sClient.Delete(context.Background(), user)).To(Succeed())
+		})
+
+		It("sets the value of the Secret according to the provided user", func() {
+			By("declaring user")
+			Expect(k8sClient.Create(ctx, user, &client.CreateOptions{})).To(Succeed())
+
+			By("Creating a new Secret with the provided credentials secret")
+			generatedSecretKey := types.NamespacedName{
+				Name:      "user-2-user-credentials",
+				Namespace: namespace,
+			}
+			var generatedSecret = &corev1.Secret{}
+			Eventually(func() error {
+				return k8sClient.Get(ctx, generatedSecretKey, generatedSecret)
+			}, 30, 2).Should(Succeed())
+			Expect(generatedSecret.Data).To(HaveKeyWithValue("username", []uint8("`got*special_ch$racter5")))
+			Expect(generatedSecret.Data).To(HaveKey("password"))
+		})
+	})
 })