Resolve "`account.adminPasswordSecretName` feature doesn't seem to work as intended"
General MR
Summary
Description
Describe the problem, what were you doing when you noticed the bug?
The logic for the admin hook that changes the admin password seems to be incorrect when referencing a secret using account.adminPasswordSecretName
within the values. Specifically, Within the following curl command found here.
The logic within the command seems to use the {{ .Values.account.currentAdminPassword }}
to change the password to {{ .Values.account.adminPassword }}
. The logic to do this is referencing the values from the chart. I believe the curl command should be trying to reference the values from the environment variables $ADMIN_PASSWORD
and $CURRENT_ADMIN_PASSWORD
that gets their value from the {{ .Values.account.adminPasswordSecretName }}
secret that is referenced, found here
To clarify, the current state of the curl command within the batch job is this:
curl -v --connect-timeout 100 -u admin:{{ default "admin" .Values.account.currentAdminPassword }} -X POST "{{ template "sonarqube.fullname" . }}:{{ default 9000 .Values.service.internalPort }}/api/users/change_password?login=admin&previousPassword={{ .Values.account.currentAdminPassword | default "admin" | urlquery }}&password={{ .Values.account.adminPassword | default "admin" | urlquery }}"
and I believe it should be something like this:
curl -v --connect-timeout 100 -u admin:{{ default "admin" .Values.account.currentAdminPassword }} -X POST "{{ template "sonarqube.fullname" . }}:{{ default 9000 .Values.service.internalPort }}/api/users/change_password?login=admin&previousPassword={{ $CURRENT_ADMIN_PASSWORD | default "admin" | urlquery }}&password={{ $ADMIN_PASSWORD | default "admin" | urlquery }}"
This should make the account.adminPasswordSecretName
work as intended to make the batch job change the current admin password to the intended admin password through a secretKeyRef without having to specify .Values.account.adminPassword
within the chart values.
Provide any steps possible used to reproduce the error (ideally in an isolated fashion).
Try to use the account.adminPasswordSecretName
feature to point at a secret containing password
(custom password) and currentPassword
(current password) keys with non-default values without having .Values.account.adminPassword
or .Values.account.currentAdminPassword
set. The sonarqube-change-admin-password-hook
batch job doesn't set the password like it should and defaults it back to admin.
Relevant logs/screenshots
(Include any relevant logs/screenshots)
Linked Issue
Upgrade Notices
N/A