@@ -299,52 +299,6 @@ func TestServiceUserCustomCredentials(t *testing.T) {
299299 }))
300300 })
301301
302- t .Run ("AvnadminPasswordReset" , func (t * testing.T ) {
303- // Tests password reset functionality for the built-in 'avnadmin' user.
304- // Verifies that the operator can modify credentials for system user and that
305- // built-in users persist after ServiceUser resource deletion.
306- yml := getServiceUserAvnadminResetYaml (cfg .Project , pgName , cfg .PrimaryCloudName )
307-
308- require .NoError (t , s .Apply (yml ))
309-
310- user := new (v1alpha1.ServiceUser )
311- require .NoError (t , s .GetRunning (user , "avnadmin" ))
312-
313- userAvn , err := getServiceUserWithRetry (ctx , avnGen , cfg .Project , pgName , "avnadmin" )
314- require .NoError (t , err )
315- assert .Equal (t , "avnadmin" , user .GetName ())
316- assert .Equal (t , "avnadmin" , userAvn .Username )
317- assert .Equal (t , pgName , user .Spec .ServiceName )
318-
319- secret , err := s .GetSecret ("my-avnadmin-secret" )
320- require .NoError (t , err )
321- assert .NotEmpty (t , secret .Data ["SERVICEUSER_HOST" ])
322- assert .NotEmpty (t , secret .Data ["SERVICEUSER_PORT" ])
323- assert .NotEmpty (t , secret .Data ["SERVICEUSER_USERNAME" ])
324- assert .NotEmpty (t , secret .Data ["SERVICEUSER_PASSWORD" ])
325- assert .NotEmpty (t , secret .Data ["SERVICEUSER_CA_CERT" ])
326-
327- actualUsernameInSecret := string (secret .Data ["SERVICEUSER_USERNAME" ])
328- assert .Equal (t , "avnadmin" , actualUsernameInSecret , "Username should be avnadmin" )
329-
330- // verify the password was reset to custom value
331- actualPassword := string (secret .Data ["SERVICEUSER_PASSWORD" ])
332- assert .Equal (t , "NewAvnadminPassword999!" , actualPassword , "Password should match our custom avnadmin password" )
333-
334- assert .Equal (t , map [string ]string {"test" : "avnadmin-reset" }, secret .Annotations )
335- assert .Equal (t , map [string ]string {"type" : "admin-password" }, secret .Labels )
336-
337- // validate that built-in users persist after ServiceUser deletion
338- assert .NoError (t , s .Delete (user , func () error {
339- // avnadmin user should still exist after ServiceUser deletion since it's a built-in user
340- _ , err = avnGen .ServiceUserGet (ctx , cfg .Project , pgName , "avnadmin" )
341- if err != nil {
342- return fmt .Errorf ("avnadmin user should still exist after ServiceUser deletion: %w" , err )
343- }
344- return nil
345- }))
346- })
347-
348302 t .Run ("EmptyPasswordValidation" , func (t * testing.T ) {
349303 // Tests validation of empty passwords in connInfoSecretSource.
350304 // Verifies that the operator properly validates password requirements
@@ -363,6 +317,66 @@ func TestServiceUserCustomCredentials(t *testing.T) {
363317 })
364318}
365319
320+ func TestServiceUserAvnadminPasswordReset (t * testing.T ) {
321+ // Tests password reset functionality for the built-in 'avnadmin' user.
322+ // Verifies that the operator can modify credentials for system user and that
323+ // built-in users persist after ServiceUser resource deletion.
324+ defer recoverPanic (t )
325+
326+ ctx , cancel := testCtx ()
327+ defer cancel ()
328+
329+ pg , releasePG , err := sharedResources .AcquirePostgreSQL (ctx )
330+ require .NoError (t , err )
331+ defer releasePG ()
332+
333+ pgName := pg .GetName ()
334+ s := NewSession (ctx , k8sClient )
335+
336+ defer s .Destroy (t )
337+
338+ yml := getServiceUserAvnadminResetYaml (cfg .Project , pgName , cfg .PrimaryCloudName )
339+
340+ require .NoError (t , s .Apply (yml ))
341+
342+ user := new (v1alpha1.ServiceUser )
343+ require .NoError (t , s .GetRunning (user , "avnadmin" ))
344+
345+ userAvn , err := getServiceUserWithRetry (ctx , avnGen , cfg .Project , pgName , "avnadmin" )
346+ require .NoError (t , err )
347+ assert .Equal (t , "avnadmin" , user .GetName ())
348+ assert .Equal (t , "avnadmin" , userAvn .Username )
349+ assert .Equal (t , pgName , user .Spec .ServiceName )
350+
351+ secret , err := s .GetSecret ("my-avnadmin-secret" )
352+ require .NoError (t , err )
353+ assert .NotEmpty (t , secret .Data ["SERVICEUSER_HOST" ])
354+ assert .NotEmpty (t , secret .Data ["SERVICEUSER_PORT" ])
355+ assert .NotEmpty (t , secret .Data ["SERVICEUSER_USERNAME" ])
356+ assert .NotEmpty (t , secret .Data ["SERVICEUSER_PASSWORD" ])
357+ assert .NotEmpty (t , secret .Data ["SERVICEUSER_CA_CERT" ])
358+
359+ actualUsernameInSecret := string (secret .Data ["SERVICEUSER_USERNAME" ])
360+ assert .Equal (t , "avnadmin" , actualUsernameInSecret , "Username should be avnadmin" )
361+
362+ // verify the password was reset to custom value
363+ actualPassword := string (secret .Data ["SERVICEUSER_PASSWORD" ])
364+ assert .Equal (t , "NewAvnadminPassword999!" , actualPassword , "Password should match our custom avnadmin password" )
365+
366+ assert .Equal (t , map [string ]string {"test" : "avnadmin-reset" }, secret .Annotations )
367+ assert .Equal (t , map [string ]string {"type" : "admin-password" }, secret .Labels )
368+
369+ // validate that built-in users persist after ServiceUser deletion
370+ assert .NoError (t , s .Delete (user , func () error {
371+ // avnadmin user should still exist after ServiceUser deletion since it's a built-in user
372+ _ , err = avnGen .ServiceUserGet (ctx , cfg .Project , pgName , "avnadmin" )
373+ if err != nil {
374+ return fmt .Errorf ("avnadmin user should still exist after ServiceUser deletion: %w" , err )
375+ }
376+ return nil
377+ }))
378+ }
379+
366380func getServiceUserWithSourceSecretYaml (project , pgName , userName , cloudName string ) string {
367381 // secret name based on userName to avoid conflicts
368382 secretName := userName + "-secret"
0 commit comments