Skip to content

Disable auth in embedded etcd#954

Merged
ishan16696 merged 3 commits intogardener:masterfrom
Tomy2e:embedded-etcd-disable-auth-1
Dec 16, 2025
Merged

Disable auth in embedded etcd#954
ishan16696 merged 3 commits intogardener:masterfrom
Tomy2e:embedded-etcd-disable-auth-1

Conversation

@Tomy2e
Copy link
Contributor

@Tomy2e Tomy2e commented Dec 9, 2025
edited by ishan16696
Loading

How to categorize this PR?

/area backup
/kind bug

What this PR does / why we need it:

This PR temporarily disables etcd authentication after starting the embedded etcd (if needed). It's enabled again before stopping the embedded etcd server.

Which issue(s) this PR fixes:
Fixes #950

Special notes for your reviewer:

Release note:

Fixed the restoration failures that could occur when etcd backups was taken from etcd which has auth enabled.

@CLAassistant
Copy link

CLAassistant commented Dec 9, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@gardener-robot gardener-robot added area/backup Backup related kind/bug Bug labels Dec 9, 2025
@gardener-prow gardener-prow bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Dec 9, 2025
@gardener-prow
Copy link

gardener-prow bot commented Dec 9, 2025

Hi @Tomy2e. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@gardener-robot gardener-robot added needs/review Needs review size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Dec 9, 2025
@Tomy2e Tomy2e mentioned this pull request Dec 9, 2025
Closed
@Tomy2e Tomy2e force-pushed the embedded-etcd-disable-auth-1 branch from 259e462 to 8ded394 Compare December 10, 2025 15:00
@gardener-robot gardener-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. needs/second-opinion Needs second review by someone else and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Dec 10, 2025
@gitguardian
Copy link

gitguardian bot commented Dec 10, 2025
edited
Loading

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@Tomy2e Tomy2e force-pushed the embedded-etcd-disable-auth-1 branch from 8ded394 to b60e1c8 Compare December 10, 2025 15:56
@Tomy2e Tomy2e marked this pull request as ready for review December 10, 2025 16:42
@Tomy2e Tomy2e requested a review from a team as a code owner December 10, 2025 16:42
@Tomy2e
Copy link
Contributor Author

Tomy2e commented Dec 10, 2025

Hi @ishan16696, my fix is ready for review 🙏

It looks like gitguardian secret scanner doesn't like the password I hardcoded in my test:

etcd-backup-restore/pkg/snapshot/restorer/restorer_test.go

Line 1101 in b60e1c8

rootPassword = "toor"

Do not hesitate to let me know if there is something I can do to fix that.

@ishan16696
Copy link
Member

ishan16696 commented Dec 12, 2025

/assign

ishan16696
ishan16696 requested changes Dec 15, 2025
View reviewed changes
Copy link
Member

@ishan16696 ishan16696 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the PR, few nits ....overall it looks good.

@gardener-robot gardener-robot added the needs/changes Needs (more) changes label Dec 15, 2025
@Tomy2e Tomy2e force-pushed the embedded-etcd-disable-auth-1 branch from b60e1c8 to e509318 Compare December 15, 2025 16:41
Tomy2e and others added 2 commits December 15, 2025 18:03
@Tomy2e @ishan16696
Apply suggestions from code review
1608ea0 
Co-authored-by: Ishan Tyagi <42602577+ishan16696@users.noreply.github.com>
@Tomy2e
fix
c4098b7
@ishan16696 ishan16696 added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 16, 2025
ishan16696
ishan16696 approved these changes Dec 16, 2025
View reviewed changes
Copy link
Member

@ishan16696 ishan16696 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!!

@ishan16696 ishan16696 merged commit 7ddce03 into gardener:master Dec 16, 2025
13 checks passed
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Dec 16, 2025
@renormalize renormalize added this to the v0.41.0 milestone Feb 3, 2026
@gardener-github-actions gardener-github-actions bot mentioned this pull request Feb 3, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ishan16696 ishan16696 ishan16696 approved these changes

Assignees

@ishan16696 ishan16696

Labels

area/backup Backup related kind/bug Bug needs/changes Needs (more) changes needs/review Needs review needs/second-opinion Needs second review by someone else ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. status/closed Issue is closed (either delivered or triaged)

Projects

None yet

Milestone

v0.41.0

Development

Successfully merging this pull request may close these issues.

Embedded etcd does not work when base snaphot has etcd auth enabled

5 participants

@Tomy2e @CLAassistant @ishan16696 @renormalize @gardener-robot