Charm managed basic_auth.csv got reset, losing non-admin login credentials

subscribed ~field-critical

basic_auth.csv will be naively overwritten, inadvertently deleting additions, any time setup_basic_auth() (see https://github.com/charmed-kubernetes/charm-kubernetes-master/blob/master/reactive/kubernetes_master.py#L1721) is called.

As far as I can tell, this will happen when either:
1. The `client_password` config is changed on kubernetes-master
2. kubernetes-master is upgraded

This means:
1. You can workaround the problem right now by reapplying edits to basic_auth.csv *on the kubernetes-master leader unit* (the leader will distribute to other masters). Your edits will remain in place as long as you don't do either of the two things listed above.
2. The actual fix is to update the setup_basic_auth() function to only modify (or add) a single line to basic_auth.csv, instead of overwriting the entire file.

unsubscribed ~field-critical

subscribed ~field-high

https://github.com/charmed-kubernetes/charm-kubernetes-master/pull/10

@Tim

/root/cdk/basic_auth.csv is the right file to be changed?

I changed it on leader unit but it is not spreaded to the other kubernetes-mastser/x node

If I changed it on the other node, it is reverted soon.

Yeah, it appears there's second part to this bug, and that's it - the file changes are not distributed to non-leaders reliably. Working on a fix for that too.

In case it helps, we ran this to propagate changes to that file: juju run --unit <kubernetes-master leader> charms.reactive clear_flag authentication.setup

PR has been updated with a fix that will ensure that changes to basic_auth.csv on the leader will be propagated to the other master units automatically (and immediately).

Follow-up PR (merged already): https://github.com/charmed-kubernetes/charm-kubernetes-master/pull/13

PR to stable: https://github.com/charmed-kubernetes/charm-kubernetes-master/pull/21