neo4j / helm-charts

Apache License 2.0

[Bug]: passwordFromSecret not taken into account #178

Closed acollign closed 1 year ago

acollign commented 1 year ago

### Contact Details

_No response_

### What happened?

Using the chart version 5.7.0, I am unable to log in to a neo4j community standalone installation when defining the initial password via a secret.

To reproduce:

```yaml
volumes:
  data:
    mode: "dynamic"
    dynamic:
      storageClassName: openebs-hostpath
```

- install release
  ```
  helm install my-neo4j-release . -f values.yaml
  ```
- observe that the helm chart notes refer to the actual secret as the source of the initial password

```
...
$ kubectl run --rm -it --image "neo4j:5.7.0" cypher-shell \
     -- cypher-shell -a "neo4j://my-neo4j-release.default.svc.cluster.local:7687" -u neo4j -p "$(kubectl get secret neo4j-password -o go-template='{{.data.NEO4J_AUTH | base64decode }}' | cut -d '/' -f2)"
...
```



*Expected result*: the documented command line allows logging in
*Actual result*: cypher returns `The client is unauthorized due to authentication failure.`
*Additional analysis*:
The last step fails with the same authentication failure when:
- manually entering the password `longpassword`
- using the default password `neo4j`

*Workaround*: setting the password using `neo4j.password` helm value

### Chart Name

Standalone

### Chart Version

5.7.0

### Environment

Local Machine, k0s installation

### Relevant log output

_No response_

### Code of Conduct

- [X] I agree to follow this project's Code of Conduct

ojhughes commented 1 year ago

Hi - I just tested using your example and it works fine for me.

- Make sure you delete any old PVCs that might contain a previous password
- Check kubernetes events for any issues mounting the secret to the database pod

acollign commented 1 year ago

Hi @ojhughes,

> I just tested using your example and it works fine for me. Make sure you delete any old PVCs that might contain a previous password

Thanks for testing this case. I can reproduce the bug with a clean kubernetes install, without any PVC.

May I ask you which version you are testing? I tested with neo4j-5.7.0.

ojhughes commented 1 year ago

yes 5.7 on GKE

acollign commented 1 year ago

I just reproduced the same issue on another fresh install. I don't have any errors in the events. Everything looks good except that I cannot log in.

Are there any debugging steps I could follow to identify the root cause? Thanks in advance for your help.

ojhughes commented 1 year ago

Not really, it works on GKE / AKS / EKS and we can't test against every type of cluster.

ojhughes commented 1 year ago

can you log in using Neo4j Browser out of interest?

acollign commented 1 year ago

I found out the issue comes from a silly mistake when encoding the password in base64. The base64 encoded password value in the test file ends with a `\n`. The correct base64 encoded value of longpassword is `bmVvNGovbG9uZ3Bhc3N3b3Jk`, which is what neo4j rightfully expects.

Thank you for helping out.
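
The root cause found in this thread, as an added example that is not part of the original issue or of the chart's own code: a shell check that decodes a `NEO4J_AUTH` secret value and flags a trailing newline or other trailing whitespace before the secret is applied. The function name `check_neo4j_auth` and its result strings are hypothetical, and the `user/password` form is an assumption taken from the `cut -d '/' -f2` in the chart notes above.

```shell
#!/bin/sh
# Added example, not from the neo4j/helm-charts repository.
# check_neo4j_auth B64: validate one base64 string as stored under .data.NEO4J_AUTH.
# Prints ok | invalid-base64 | trailing-whitespace | bad-format; returns 0 only for ok.
check_neo4j_auth() {
  b64=$1

  # Reject input that is not base64 at all.
  printf '%s' "$b64" | base64 -d >/dev/null 2>&1 || { echo "invalid-base64"; return 1; }

  # Inspect the decoded bytes as hex. Capturing the decoded text with $(...)
  # would strip a trailing newline, which is exactly the defect to detect.
  hex=$(printf '%s' "$b64" | base64 -d | od -An -v -tx1 | tr -d ' \n')

  # Last byte is LF (0a), CR (0d), space (20) or tab (09): the password the
  # database receives differs from the one the operator types.
  case "$hex" in
    *0a|*0d|*20|*09) echo "trailing-whitespace"; return 1 ;;
  esac

  # Assumption: the value has the form user/password, as the chart notes'
  # `cut -d '/' -f2` implies.
  decoded=$(printf '%s' "$b64" | base64 -d)
  case "$decoded" in
    ?*/?*) echo "ok"; return 0 ;;
    *)     echo "bad-format"; return 1 ;;
  esac
}

# Value quoted in the thread as correct.
check_neo4j_auth 'bmVvNGovbG9uZ3Bhc3N3b3Jk'
# Constructed sample: the same credential encoded with a trailing newline.
check_neo4j_auth "$(printf 'neo4j/longpassword\n' | base64)" || true

# Against a cluster (secret name and key as used on the page):
#   check_neo4j_auth "$(kubectl get secret neo4j-password -o jsonpath='{.data.NEO4J_AUTH}')"
```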