As the title suggests, when VMUser.spec.disable_secret_creation is set to true (because the Secret is managed externally, for example by External Secrets), the Secret referenced in passwordRef is no longer fetched, resulting the VMAuth configuration containing the configuration for the user without a password.
From my understanding, setting disable_secret_creation should only prevent the operator from creating the Secret, but not prevent it from reading what user has defined in said Secret.
As the title suggests, when
VMUser.spec.disable_secret_creation
is set totrue
(because the Secret is managed externally, for example by External Secrets), the Secret referenced inpasswordRef
is no longer fetched, resulting the VMAuth configuration containing the configuration for the user without a password.I believe this is because of this block of code:
https://github.com/VictoriaMetrics/operator/blob/bfc521d3b22d696c2244318a2d93a5fee7a93452/controllers/factory/vmuser.go#L246-L248
in the
fetchVMUserSecretCacheByRef
function.From my understanding, setting
disable_secret_creation
should only prevent the operator from creating the Secret, but not prevent it from reading what user has defined in said Secret.