Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix issue with conflicting User annotations #899

Conversation

evheniyt
Copy link
Contributor

@evheniyt evheniyt commented Nov 10, 2024

Description

Correctly set annotations for Secret that stores multiple User passwords.
OsUserNameAnnotation will be assigned only to the Secret that is storing the password for a single user. Otherwise, if Secret is used by multiple Users this annotation will be skipped.

To support correct reconciliation for multi-user Secret, I have added iteration over secretObj.Data.
In the case of multi-user Secret, reconciliation will work only if the Secret keys correspond to the User name. So in theory there could be a breaking change here for people who are using multi-user Secret and have different Secret keys and User names.

Issues Resolved

Closes #884

Check List

  • Commits are signed per the DCO using --signoff
  • Unittest added for the new/changed functionality and all unit tests are successful
  • Customer-visible features documented
  • No linter warnings (make lint)

Please refer to the PR guidelines before submitting this pull request.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Yevhenii Tiutiunnyk <evheniytyutyunnik@gmail.com>
Comment on lines 1149 to 1150
Also, it is possible to store multiple Users password in the same Secret. To do this, you should create a secret where
each key will be equal to a username and value is a user password.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rewrite this to make it clearer that if multiple passwords are stored in one secret it must be done this way because the operator expects it. Right now it sounds like a suggestion, but the way you have written the code it would not work correctly otherwise.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Signed-off-by: Yevhenii Tiutiunnyk <evheniytyutyunnik@gmail.com>
@swoehrl-mw swoehrl-mw merged commit 10881e9 into opensearch-project:main Nov 18, 2024
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: ✅ Done
Development

Successfully merging this pull request may close these issues.

[BUG] Annotations conflict when using a single Secret for multiple users
2 participants