UNCLASSIFIED - NO CUI

Skip to content

Resolve "`account.adminPasswordSecretName` feature doesn't seem to work as intended"

Chris Schaefer requested to merge 147-account-adminpasswordsecretname-feature-doesn-t-seem-to-work-as-intended into main

General MR

Summary

Description

Describe the problem, what were you doing when you noticed the bug?

The logic for the admin hook that changes the admin password seems to be incorrect when referencing a secret using account.adminPasswordSecretName within the values. Specifically, Within the following curl command found here.

The logic within the command seems to use the {{ .Values.account.currentAdminPassword }} to change the password to {{ .Values.account.adminPassword }}. The logic to do this is referencing the values from the chart. I believe the curl command should be trying to reference the values from the environment variables $ADMIN_PASSWORD and $CURRENT_ADMIN_PASSWORD that gets their value from the {{ .Values.account.adminPasswordSecretName }} secret that is referenced, found here

To clarify, the current state of the curl command within the batch job is this:

curl -v --connect-timeout 100 -u admin:{{ default "admin" .Values.account.currentAdminPassword }} -X POST "{{ template "sonarqube.fullname" . }}:{{ default 9000 .Values.service.internalPort }}/api/users/change_password?login=admin&previousPassword={{ .Values.account.currentAdminPassword | default "admin" | urlquery }}&password={{ .Values.account.adminPassword | default "admin" | urlquery }}"

and I believe it should be something like this:

curl -v --connect-timeout 100 -u admin:{{ default "admin" .Values.account.currentAdminPassword }} -X POST "{{ template "sonarqube.fullname" . }}:{{ default 9000 .Values.service.internalPort }}/api/users/change_password?login=admin&previousPassword={{ $CURRENT_ADMIN_PASSWORD | default "admin" | urlquery }}&password={{ $ADMIN_PASSWORD | default "admin" | urlquery }}"

This should make the account.adminPasswordSecretName work as intended to make the batch job change the current admin password to the intended admin password through a secretKeyRef without having to specify .Values.account.adminPassword within the chart values.

Provide any steps possible used to reproduce the error (ideally in an isolated fashion).

Try to use the account.adminPasswordSecretName feature to point at a secret containing password (custom password) and currentPassword (current password) keys with non-default values without having .Values.account.adminPassword or .Values.account.currentAdminPassword set. The sonarqube-change-admin-password-hook batch job doesn't set the password like it should and defaults it back to admin.

Relevant logs/screenshots

(Include any relevant logs/screenshots)

Linked Issue

#147 (closed)

Upgrade Notices

N/A

Edited by Chris Schaefer

Merge request reports

UNCLASSIFIED - NO CUI