
Commit ce11270

Explicitly always set mechanism in users.txt (#546)
* Explicitly always set mechanism in users.txt * Regenerate golden file * Add changelog * Run task generate
1 parent a6c0672 commit ce11270

5 files changed

+27
-12
lines changed

Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
project: charts/redpanda
2+
kind: Fixed
3+
body: Fixed an issue where not explicitly specifying a SASL auth mechanism when SASL is enabled caused Console to fail to start up.
4+
time: 2025-03-21T09:18:20.535475-04:00

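--- a/charts/redpanda/CHANGELOG.md
+++ b/charts/redpanda/CHANGELOG.md
@@ -25,6 +25,7 @@ and is generated by [Changie](https://github.com/miniscruff/changie).
 When Redpanda custom resource has enabled RBAC the reconciliation was blocked due
 ClusterRoleBinding referencing not yet created ClusterRole.
 
+* Fixed an issue where not explicitly specifying a SASL auth mechanism when SASL is enabled caused Console to fail to start up.
 
 ## v5.9.20 - 2025-02-06
 ### Changed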

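--- a/charts/redpanda/secrets.go
+++ b/charts/redpanda/secrets.go
@@ -172,13 +172,19 @@ func SecretSASLUsers(dot *helmette.Dot) *corev1.Secret {
 StringData: map[string]string{},
 }
 usersTxt := []string{}
+
+defaultMechanism := DefaultSASLMechanism
+if values.Auth.SASL.Mechanism != "" {
+defaultMechanism = values.Auth.SASL.Mechanism
+}
+
 // Working around lack of support for += or strings.Join at the moment
 for _, user := range values.Auth.SASL.Users {
-if helmette.Empty(user.Mechanism) {
-usersTxt = append(usersTxt, fmt.Sprintf("%s:%s", user.Name, user.Password))
-} else {
-usersTxt = append(usersTxt, fmt.Sprintf("%s:%s:%s", user.Name, user.Password, user.Mechanism))
+mechanism := defaultMechanism
+if !helmette.Empty(user.Mechanism) {
+mechanism = user.Mechanism
 }
+usersTxt = append(usersTxt, fmt.Sprintf("%s:%s:%s", user.Name, user.Password, mechanism))
 }
 secret.StringData["users.txt"] = helmette.Join("\n", usersTxt)
 return secret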
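Review bot: The mechanism string is written into every users.txt line without being checked, both the chart-level `values.Auth.SASL.Mechanism` that seeds `defaultMechanism` and the per-user override. With this change a mistyped chart-level value is stamped onto every user that has no mechanism of its own, and the error would only surface when whatever reads the secret parses it; unless the values schema already restricts the field (not visible in this hunk), consider rejecting anything other than the supported SCRAM mechanisms at render time. The same line joins name, password and mechanism with `:`, so a name or password containing `:` or a newline would shift fields; a comment such as `// users.txt format is name:password:mechanism; fields must not contain ':' or newlines` above the `fmt.Sprintf` would document that constraint. SecretSASLUsers starts and ends outside the hunk.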

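--- a/charts/redpanda/templates/_secrets.go.tpl
+++ b/charts/redpanda/templates/_secrets.go.tpl
@@ -57,12 +57,16 @@
 {{- if (and (and (ne $values.auth.sasl.secretRef "") $values.auth.sasl.enabled) (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.auth.sasl.users) ))) "r") | int) (0 | int))) -}}
 {{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $values.auth.sasl.secretRef "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}}
 {{- $usersTxt := (list ) -}}
+{{- $defaultMechanism := "SCRAM-SHA-512" -}}
+{{- if (ne $values.auth.sasl.mechanism "") -}}
+{{- $defaultMechanism = $values.auth.sasl.mechanism -}}
+{{- end -}}
 {{- range $_, $user := $values.auth.sasl.users -}}
-{{- if (empty $user.mechanism) -}}
-{{- $usersTxt = (concat (default (list ) $usersTxt) (list (printf "%s:%s" $user.name $user.password))) -}}
-{{- else -}}
-{{- $usersTxt = (concat (default (list ) $usersTxt) (list (printf "%s:%s:%s" $user.name $user.password $user.mechanism))) -}}
+{{- $mechanism := $defaultMechanism -}}
+{{- if (not (empty $user.mechanism)) -}}
+{{- $mechanism = $user.mechanism -}}
 {{- end -}}
+{{- $usersTxt = (concat (default (list ) $usersTxt) (list (printf "%s:%s:%s" $user.name $user.password $mechanism))) -}}
 {{- end -}}
 {{- if $_is_returning -}}
 {{- break -}}
@@ -93,9 +97,9 @@
 {{- break -}}
 {{- end -}}
 {{- $secretName := (printf "%s-bootstrap-user" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}}
-{{- $_203_existing_4_ok_5 := (get (fromJson (include "_shims.lookup" (dict "a" (list "v1" "Secret" $dot.Release.Namespace $secretName) ))) "r") -}}
-{{- $existing_4 := (index $_203_existing_4_ok_5 0) -}}
-{{- $ok_5 := (index $_203_existing_4_ok_5 1) -}}
+{{- $_209_existing_4_ok_5 := (get (fromJson (include "_shims.lookup" (dict "a" (list "v1" "Secret" $dot.Release.Namespace $secretName) ))) "r") -}}
+{{- $existing_4 := (index $_209_existing_4_ok_5 0) -}}
+{{- $ok_5 := (index $_209_existing_4_ok_5 1) -}}
 {{- if $ok_5 -}}
 {{- $_is_returning = true -}}
 {{- (dict "r" $existing_4) | toJson -}}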

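--- a/charts/redpanda/testdata/template-cases.golden.txtar
+++ b/charts/redpanda/testdata/template-cases.golden.txtar
@@ -83086,7 +83086,7 @@ metadata:
 namespace: default
 stringData:
 users.txt: |-
-empty-mechanism:valid
+empty-mechanism:valid:SCRAM-SHA-512
 mechanism-256:valid:SCRAM-SHA-256
 mechanism-512:valid:SCRAM-SHA-512
 type: Opaque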
