jedcunningham opened a new pull request, #62143:
URL: https://github.com/apache/airflow/pull/62143
When webserver.defaultUser.enabled was set to false, the create-user job
still ran because createUserJob.enabled defaults to true and the OR condition
let it through. This adds a helper template that gives the deprecated
webserver.defaultUser precedence when present, only falling back to
createUserJob.enabled otherwise. Also fixes NOTES.txt to display credentials
from the correct source.
## `helm template` Test Results
All scenarios tested against 3 templates: create-user-job.yaml, NOTES.txt,
and security-context-constraint-rolebinding.yaml.
| # | `webserver.defaultUser` | `createUserJob.enabled` | Job Created? |
NOTES Creds? | SCC Subject? | Status |
|---|--------------------------|-------------------------|--------------|-----------------|--------------|------------------|
| 1 | *(not set)* | `true` (default) | Yes |
`admin/admin` | Yes | PASS |
| 2 | *(not set)* | `false` | No |
Hidden | No | PASS |
| 3 | `enabled: false` | `true` (default) | **No** |
Hidden | No | PASS (bug fix) |
| 4 | `enabled: true` | `true` (default) | Yes |
`depuser/deppass`| Yes | PASS |
| 5 | `enabled: true` | `false` | **Yes** |
`depuser/deppass`| Yes | PASS (precedence)|
| 6 | `enabled: false` | `true` | **No** |
Hidden | No | PASS (precedence)|
## Key Behaviors Verified
• Scenario 3 is the core bug fix: webserver.defaultUser.enabled=false now
correctly suppresses the job. Before the fix, the old or condition would
still evaluate createUserJob.enabled (default true) and create the job
anyway.
• Scenarios 5 & 6 confirm that when the deprecated webserver.defaultUser
is set, it always takes precedence over createUserJob.enabled, regardless of
conflict.
• NOTES.txt correctly uses webserver.defaultUser credentials when that
section is present, falling back to createUserJob.defaultUser otherwise.
• SCC rolebinding consistently includes/excludes the create-user-job
service account in lockstep with whether the job itself is created.
Fixed a missed compat scenario left from #61337.
---
##### Was generative AI tooling used to co-author this PR?
- [x] Yes (please specify the tool below)
Generated-by: Cursor CLI (Clause Opus 4.6)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]