User with ssl_certificates auth set in CHI generated wrong #1727

@viktordebulat

Operator version: 0.25.0

I'm trying to create a user via CHI that will use an SSL certificate for authentication:

    users:
      some_user/ssl_certificates/common_name: clickhouse-client-cert
      some_user/grants/query:
        - "GRANT dwh_reader_role"
        - "GRANT SELECT, INSERT ON test_db.some_table"
      some_user/networks/ip:
        - 10.20.0.0/16

This converts into the following in the ConfigMap (common-userd):

            <some_user>
                <grants>
                    <query>GRANT dwh_reader_role</query>
                    <query>SELECT, INSERT ON test_db.some_table</query>
                </grants>
                <networks>
                    <host_regexp>(chi-clickhouse-[^.]+\d+-\d+|clickhouse\-clickhouse)\.clickhouse\.svc\.cluster\.local$</host_regexp>
                    <ip>::1</ip>
                    <ip>127.0.0.1</ip>
                    <ip>10.20.0.0/16</ip>
                </networks>
              <password_sha256_hex>37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f</password_sha256_hex>
                <profile>default</profile>
                <quota>default</quota>
                <ssl_certificates>
                    <common_name>clickhouse-client-cert</common_name>
                </ssl_certificates>
            </some_user>

And this leads to an error:

    Application: Caught exception while setting up access control.: Code: 347. DB::Exception: Code: 36. DB::Exception: More than one field of 'password', 'password_sha256_hex', 'password_double_sha1_hex', 'no_password', 'ldap', 'kerberos', 'ssl_certificates', 'ssh_keys', 'http_authentication' are used to specify authentication info for user some_user. Must be only one of them.: while parsing user 'some_user' in users configuration file: while loading configuration file '/etc/clickhouse-server/users.xml'. (BAD_ARGUMENTS), Stack trace (when copying this message, always include the lines below)

The generated user in the XML has a password but shouldn't. How can I prevent password generation for a user that uses ssl_certificates instead of a password?
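An added example, not part of the original issue and not the operator's own code: a pre-deployment check that parses a generated users XML and reports every user carrying more than one of the authentication fields named in the error message above. The `<clickhouse><users>` wrapper, the `cert_only_user` entry and the placeholder hash are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Mutually exclusive authentication fields, as listed in the ClickHouse
# error message quoted in the issue.
AUTH_FIELDS = (
    "password", "password_sha256_hex", "password_double_sha1_hex",
    "no_password", "ldap", "kerberos", "ssl_certificates", "ssh_keys",
    "http_authentication",
)

# Constructed sample: the wrapper elements and cert_only_user are assumptions;
# some_user mirrors the conflicting fields shown in the issue.
SAMPLE = """
<clickhouse>
  <users>
    <some_user>
      <password_sha256_hex>CONSTRUCTED_PLACEHOLDER_HASH</password_sha256_hex>
      <profile>default</profile>
      <ssl_certificates>
        <common_name>clickhouse-client-cert</common_name>
      </ssl_certificates>
    </some_user>
    <cert_only_user>
      <ssl_certificates>
        <common_name>clickhouse-client-cert</common_name>
      </ssl_certificates>
    </cert_only_user>
  </users>
</clickhouse>
"""

def conflicting_auth(users_xml: str) -> dict[str, list[str]]:
    """Return {user: [auth fields]} for users with more than one auth field."""
    root = ET.fromstring(users_xml)
    findings = {}
    for users in root.iter("users"):          # works with any root element name
        for user in users:                    # each child is one user definition
            present = [c.tag for c in user if c.tag in AUTH_FIELDS]
            if len(present) > 1:
                findings[user.tag] = present
    return findings

if __name__ == "__main__":
    bad = conflicting_auth(SAMPLE)
    for name, fields in bad.items():
        print(f"{name}: conflicting authentication fields {fields}")
    sys.exit(1 if bad else 0)
```

Run against the rendered ConfigMap content before it reaches the server, the check fails on `some_user` and passes `cert_only_user`.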
