-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow pre-definition of user passwords #44
Conversation
N.B.: There is a bug in the system tests where passwords are not excaped properly if the password starts with a dash.
cc @n3wscott as I believe this was one of the knative requirements. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What we have discussed:
- Import password and username from secret
- Delete user.spec.name; if name is not present and no import secret provided, randomly generates username and password pair
- two example manifests about how to create users: randomly generated username/password and pre defined password and username in
docs/examples/users
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. There are several places in the controller which a failure was only returned but not logged or recorded as event. But I want to approve the PR so we can merge it soon and avoid merge conflicts. Logging and publish events for all errors can come in a different PR.
This PR allows a user to specify a Secret which contains a password to set on the User. The controller looks for the username & password under the keys
username
&password
in the Secret. This Secret must be in the same namespace as the User, in order to mitigate privilege escalation.Note that this import only happens upon creation - once the User is created, the import Secret is ignored. A user must be deleted & recreated in order to change a password or username until #35 is played.
This closes #36
Note to reviewers: remember to look at the commits in this PR and consider if they can be squashed
Summary Of Changes
This PR adds several new fields to allow import of passwords from a created Secret: