search

groundhog2k / helm-charts

Helm charts for open source applications - ready to use for deployment on Kubernetes
MIT License
69 stars 56 forks source link

RabbitMQ does not use authentication user/password #1197

Closed huber-and closed 1 year ago

huber-and commented 1 year ago

It looks like the RabbitMQ chart does ignore the authentication settings. When set env.RABBITMQ_DEFAULT_USER and env.RABBITMQ_DEFAULT_PASS it works as expected.

groundhog2k commented 1 year ago

How did you test? As described in Readme and also values.yaml the authentication.user & authentication.password are only for the initial admin user. If you change that in the Rabbit management UI the values are ignored on further upgrade deployments.

This is how I tested it

# Ingress
...
...

# Default user and erlang cookie
authentication:
  ## Initial user name
  user: "iamadmin"

  ## Initial password
  password: "secret"

  ## Erlang cookie (MANDATORY)
  erlangCookie: "VGhpc0lzTXlFcmxhbmdDb29raWUK"

## Management UI plugin options
managementPlugin:
  ## Enable management UI plugin with default configuration
  enabled: true

## Storage parameters
storage:
  requestedSize: 256Mi

Afterwards you can login with "iamadmin"/"secret".

huber-and commented 1 year ago

You are right, i found the issue. When the password contains a # like "test#01" only "test" is used as password.

groundhog2k commented 1 year ago

This is described in section "Override Default User Credentials" of https://www.rabbitmq.com/access-control.html. Summarized: The overall behavior is correct. For the default user the setting inside rabbitmq.conf can't contain a "#" character because it is interpreted as comment in the config file. Also putting quotes around it will not help. A user or password like test@1will work of course.

This only affects the initial default user, which should be changed after initial deployment anyway.

huber-and commented 1 year ago

Thanks!