Allow a user to disable Reaper auth by specifically setting the UiUse…

…rSecretRef.Name to "".
k8ssandra · Jan 10, 2024 · deec5ae · deec5ae
1 parent b02da26
commit deec5ae
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 10 deletions.
diff --git a/apis/reaper/v1alpha1/reaper_types.go b/apis/reaper/v1alpha1/reaper_types.go
@@ -56,7 +56,7 @@ type ReaperTemplate struct {
 
 	// Defines the secret which contains the username and password for the Reaper UI and REST API authentication.
 	// +optional
-	UiUserSecretRef corev1.LocalObjectReference `json:"uiUserSecretRef,omitempty"`
+	UiUserSecretRef *corev1.LocalObjectReference `json:"uiUserSecretRef,omitempty"`
 
 	// SecretsProvider defines whether the secrets used for credentials and certs will be backed
 	// by an external secret backend. This moves the responsibility of generating and storing

diff --git a/apis/reaper/v1alpha1/zz_generated.deepcopy.go b/apis/reaper/v1alpha1/zz_generated.deepcopy.go
diff --git a/controllers/k8ssandra/secrets.go b/controllers/k8ssandra/secrets.go
@@ -66,22 +66,26 @@ func (r *K8ssandraClusterReconciler) reconcileReaperSecrets(ctx context.Context,
 			var uiUserSecretRef corev1.LocalObjectReference
 			if kc.Spec.Reaper != nil {
 				cassandraUserSecretRef = kc.Spec.Reaper.CassandraUserSecretRef
-				uiUserSecretRef = kc.Spec.Reaper.UiUserSecretRef
+				if kc.Spec.Reaper.UiUserSecretRef != nil {
+					uiUserSecretRef = *kc.Spec.Reaper.UiUserSecretRef
+				}
 			}
 			if cassandraUserSecretRef.Name == "" {
 				cassandraUserSecretRef.Name = reaper.DefaultUserSecretName(kc.SanitizedName())
 			}
-			if uiUserSecretRef.Name == "" {
+			if kc.Spec.Reaper.UiUserSecretRef == nil {
 				uiUserSecretRef.Name = reaper.DefaultUiSecretName(kc.SanitizedName())
 			}
 			kcKey := utils.GetKey(kc)
 			if err := secret.ReconcileSecret(ctx, r.Client, cassandraUserSecretRef.Name, kcKey); err != nil {
 				logger.Error(err, "Failed to reconcile Reaper CQL user secret", "ReaperCassandraUserSecretRef", cassandraUserSecretRef)
 				return result.Error(err)
 			}
-			if err := secret.ReconcileSecret(ctx, r.Client, uiUserSecretRef.Name, kcKey); err != nil {
-				logger.Error(err, "Failed to reconcile Reaper UI secret", "ReaperUiUserSecretRef", uiUserSecretRef)
-				return result.Error(err)
+			if kc.Spec.Reaper.UiUserSecretRef != nil {
+				if err := secret.ReconcileSecret(ctx, r.Client, uiUserSecretRef.Name, kcKey); err != nil {
+					logger.Error(err, "Failed to reconcile Reaper UI secret", "ReaperUiUserSecretRef", uiUserSecretRef)
+					return result.Error(err)
+				}
 			}
 			logger.Info("Reaper user secrets successfully reconciled")
 

diff --git a/controllers/reaper/reaper_controller.go b/controllers/reaper/reaper_controller.go
@@ -383,11 +383,11 @@ func (r *ReaperReconciler) collectAuthVarsForType(ctx context.Context, actualRea
 		secretRef = &actualReaper.Spec.CassandraUserSecretRef
 		envVars = []*corev1.EnvVar{}
 	case "ui":
-		secretRef = &actualReaper.Spec.UiUserSecretRef
+		secretRef = actualReaper.Spec.UiUserSecretRef
 		envVars = []*corev1.EnvVar{reaper.EnableAuthVar}
 	}
 
-	if len(secretRef.Name) > 0 && !actualReaper.Spec.UseExternalSecrets() {
+	if secretRef != nil && len(secretRef.Name) > 0 && !actualReaper.Spec.UseExternalSecrets() {
 		secretKey := types.NamespacedName{Namespace: actualReaper.Namespace, Name: secretRef.Name}
 		if secret, err := r.getSecret(ctx, secretKey); err != nil {
 			logger.Error(err, "Failed to get Cassandra authentication secret", authType, secretKey)

diff --git a/pkg/reaper/resource.go b/pkg/reaper/resource.go
@@ -67,7 +67,7 @@ func NewReaper(
 			desiredReaper.Spec.CassandraUserSecretRef.Name = DefaultUserSecretName(kc.SanitizedName())
 		}
 		// Note: deliberately skip JmxUserSecretRef, which is deprecated.
-		if desiredReaper.Spec.UiUserSecretRef.Name == "" {
+		if desiredReaper.Spec.UiUserSecretRef == nil {
 			desiredReaper.Spec.UiUserSecretRef.Name = DefaultUiSecretName(kc.SanitizedName())
 		}