You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We want to delete a user that we previously created through the spec.users property in the CRD. However, by removing the user entry from the spec.users list, we found that the user still exist in the Cassandra system.
What did you expect to happen?
There are two right behaviors in this case, depending how much feature this operator wants to support:
Make the operator to manage the list of users that it creates. When a user is removed from the CR, it should be deleted from the Cassandra cluster.
Make the spec.users an immutable field. This can be done easily with the x-kubernetes-validation CRD feature.
How can we reproduce it (as minimally and precisely as possible)?
Right now the functionality is as intended. The users / superusers feature is intended to only enforce that those users set there are existing in the cluster (or if using an annotation, this feature can be disabled for the Datacenter), but not that they're the only users in the cluster.
Since users can add new users by using other means in Cassandra, we can't delete them even if they're removed from this list as this isn't intended to be the user management alone.
This could be viewed as enhancement for future behavior however. There's a different PR (albeit slightly delayed one) that would modify the user creation process to make it better.
Sadly making it immutable could prevent adding another dc which controls the username creation. And it wouldn't solve the issue really, you could still modify the Secret itself (which is user controller so we can't make it immutable) to change the username.
What happened?
We want to delete a user that we previously created through the
spec.users
property in the CRD. However, by removing the user entry from thespec.users
list, we found that the user still exist in the Cassandra system.What did you expect to happen?
There are two right behaviors in this case, depending how much feature this operator wants to support:
spec.users
an immutable field. This can be done easily with thex-kubernetes-validation
CRD feature.How can we reproduce it (as minimally and precisely as possible)?
demo-secret-2
user from thespec.users
:LIST USERS
in cqlsh:cass-operator version
1.22.0
Kubernetes version
1.28.0
Method of installation
Helm
Anything else we need to know?
No response
┆Issue is synchronized with this Jira Story by Unito
┆Issue Number: CASS-3
The text was updated successfully, but these errors were encountered: