You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Trying to update the credentials of test-user via its secret and update an annotation to the User object to trigger a Reconcile does not update the password even if the reconciliation is run by the messaging-topology-operator.
To Reproduce
Steps to reproduce the behavior:
Apply simple user creation:
---
apiVersion: rabbitmq.com/v1beta1
kind: Vhost
metadata:
name: test-vhost
spec:
name: test # vhost name
rabbitmqClusterReference:
name: rabbitmq-cluster # rabbitmqCluster must exist in the same namespace as this resource
---
apiVersion: v1
kind: Secret
metadata:
name: test-user-credentials
type: Opaque
stringData:
username: test-user # Note that Messaging Topology Operator does not watch this secret. Updating this secret object won't update actual user credentials.
password: verysecurepw # As a workaround, you can add a label or annotation to the User object to trigger a Reconile loop and credentials will be updated.
---
apiVersion: rabbitmq.com/v1beta1
kind: User
metadata:
name: test-user
annotations:
user-revision: "1"
spec:
tags:
- administrator # available tags are 'management', 'policymaker', 'monitoring' and 'administrator'
rabbitmqClusterReference:
name: rabbitmq-cluster
importCredentialsSecret:
name: test-user-credentials
---
apiVersion: rabbitmq.com/v1beta1
kind: Permission
metadata:
name: testuser-permission
spec:
vhost: "test"
user: "test-user" # name corresponds to the username we provided in "test-user-credentials" secret
permissions:
write: ".*"
configure: ""
read: ".*"
rabbitmqClusterReference:
name: rabbitmq-cluster
Update the secret password and update the annotation in the User object:
---
apiVersion: v1
kind: Secret
metadata:
name: test-user-credentials
type: Opaque
stringData:
username: test-user # Note that Messaging Topology Operator does not watch this secret. Updating this secret object won't update actual user credentials.
password: verysecurepw1 # As a workaround, you can add a label or annotation to the User object to trigger a Reconile loop and credentials will be updated.
---
apiVersion: rabbitmq.com/v1beta1
kind: User
metadata:
name: test-user
annotations:
user-revision: "2"
spec:
tags:
- administrator # available tags are 'management', 'policymaker', 'monitoring' and 'administrator'
rabbitmqClusterReference:
name: rabbitmq-cluster
importCredentialsSecret:
name: test-user-credentials
Login to the management UI panel via the test-user accepts only the old password.
Expected behavior
New updated password is working.
Version and environment information
Messaging Topology Operator: 1.10.1
RabbitMQ: 3.9.16
RabbitMQ Cluster Operator: 2.1.0
Kubernetes: 1.24.10
Cloud provider or hardware configuration: AWS EKS - c6g.large
The text was updated successfully, but these errors were encountered:
Hi @anthonyhaussman. Thank you to have opened this issue.
I also tried to reproduce it. In fact when you provide a secret to the user it happens that internally the operator create a new different secret. So in your case you provided test-user-credentials but you will see that another secret will be created in the same namespace: test-user-user-credentials and this is the one really taken for credentials.
So to let it works (and it seems is working) you need to modify this other secret and then add the annotation to the User to trigger a reconciliation.
I understand that probably it is not really an approach very "user-friendly" but indeed is just a workaround anyway.
Indeed modifying the other secret and putting the annotation on the user resource do the work.
It's not ideal from an application management point of view but I can live with that for now.
Describe the bug
Trying to update the credentials of
test-user
via its secret and update an annotation to the User object to trigger a Reconcile does not update the password even if the reconciliation is run by themessaging-topology-operator
.To Reproduce
Steps to reproduce the behavior:
Apply simple user creation:
Update the secret password and update the annotation in the User object:
Login to the management UI panel via the
test-user
accepts only the old password.Expected behavior
New updated password is working.
Version and environment information
The text was updated successfully, but these errors were encountered: