Regenerate user passwords when user reconciles #896
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This closes #242
Note to reviewers: remember to look at the commits in this PR and consider if they can be squashed
Note to contributors: remember to re-generate client set if there are any API changes
Summary Of Changes
This Pull Request adds an option to always regenerate a user's user-credentials secret when a reconciliation for the user is triggered. The main use case is to update a user's password when the underlying import secret has changed.
Additional Context
A user's login credential are stored in the user-credentials secrets, which are generated at the user creation from an import secret. The documentation instructs us to add a label to trigger user reconciliation when we want to update a users password: https://github.com/rabbitmq/messaging-topology-operator/blob/main/docs/examples/users/README.md
This does however currently not affect a regeneration of the user-credentials secret: s. issue #242
Therefore I added these changes to allow us to force a regeneration when the user is reconciled (e.g. when a label is added).