Details
-
Task
-
Resolution: Done
-
Minor
-
None
-
None
-
False
-
None
-
False
Description
Taken from the PR: https://github.com/maistra/istio-operator/pull/1161
The way to test this:
Tested:
Created v2.4 SMCP and run
oc get secret -n istio-system htpasswd -o json | jq .data.auth | tr -d \" | base64 -d | sed 's/}.*/}REDACTED\n/'
Ensuring the secret begins with $2a$, indicating it's been hashed with bcrypt. Ensured that in grafana-proxy and prometheus-proxy containers, /etc/proxy/htpasswd only contains the hashed htpasswd, not the raw password as well.
Created v2.3, v2.2 SMCPs and ensured that behavior remained the same as before.