[FEATURE] Operator should automatically update User password if it was changed in the Secret #908
Labels
enhancement
New feature or request
Comments
evheniyt
added
enhancement
|
@swoehrl-mw I have few ideas on how we could improve and implement this, would you like me to share a PR? |
|
@evheniyt Please go ahead, PRs are always welcome. And thanks for reporting this. |
6 tasks
swoehrl-mw
pushed a commit
that referenced
this issue
Jan 10, 2025
### Description Solving a problem with updating User password if it was changed in the Secret by adding an additional attribute to the Opensearch user - `secret-version`. The logic relies on a default Kubernetes `ResourceVersion` behavior. ### Issues Resolved Closes #908 ### Check List - [x] Commits are signed per the DCO using --signoff - [x] Unittest added for the new/changed functionality and all unit tests are successful - [x] Customer-visible features documented - [x] No linter warnings (`make lint`) If CRDs are changed: - [x] CRD YAMLs updated (`make manifests`) and also copied into the helm chart - [x] Changes to CRDs documented Please refer to the [PR guidelines](https://github.com/opensearch-project/opensearch-k8s-operator/blob/main/docs/developing.md#submitting-a-pr) before submitting this pull request. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Yevhenii Tiutiunnyk <evheniytyutyunnik@gmail.com>
github-project-automation
bot
moved this from 🆕 New
to ✅ Done
in Engineering Effectiveness Board
markbaumgarten
pushed a commit
to markbaumgarten/opensearch-k8s-operator
that referenced
this issue
Jan 17, 2025
…ct#922) ### Description Solving a problem with updating User password if it was changed in the Secret by adding an additional attribute to the Opensearch user - `secret-version`. The logic relies on a default Kubernetes `ResourceVersion` behavior. ### Issues Resolved Closes opensearch-project#908 ### Check List - [x] Commits are signed per the DCO using --signoff - [x] Unittest added for the new/changed functionality and all unit tests are successful - [x] Customer-visible features documented - [x] No linter warnings (`make lint`) If CRDs are changed: - [x] CRD YAMLs updated (`make manifests`) and also copied into the helm chart - [x] Changes to CRDs documented Please refer to the [PR guidelines](https://github.com/opensearch-project/opensearch-k8s-operator/blob/main/docs/developing.md#submitting-a-pr) before submitting this pull request. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Yevhenii Tiutiunnyk <evheniytyutyunnik@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now, it is impossible to update a User password if it was changed in the corresponding Secret.
Operator already has a handleSecretEvent functionality, but in the current implementation, it is useless. Yes, it will trigger reconcile if smth was changed in the Secret, but because of the logic inside Users Reconcile function it will do nothing if password was updated.
The main problem is that Opensearch API is not returning a User password so you couldn't just compare it like Operator does with other properties.
Proposal: Operator should automatically update User password if it was changed in the Secret.
The text was updated successfully, but these errors were encountered: