From 6acea75a76302b1f7358a28b4dac56f03e8dd89f Mon Sep 17 00:00:00 2001
From: hongming <talonwan@yunify.com>
Date: Fri, 31 Jul 2020 23:57:42 +0800
Subject: [PATCH] remove LastAppliedConfig annotation after password encrypted

Signed-off-by: hongming <talonwan@yunify.com>
---
 pkg/controller/user/user_controller.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/controller/user/user_controller.go b/pkg/controller/user/user_controller.go
index e89c45a0..96c5c6b7 100644
--- a/pkg/controller/user/user_controller.go
+++ b/pkg/controller/user/user_controller.go
@@ -367,6 +367,8 @@ func (c *Controller) ensurePasswordIsEncrypted(user *iamv1alpha2.User) (*iamv1al
 		if user.Annotations == nil {
 			user.Annotations = make(map[string]string, 0)
 		}
+		// ensure plain text password won't be kept anywhere
+		delete(user.Annotations, corev1.LastAppliedConfigAnnotation)
 		user.Annotations[iamv1alpha2.PasswordEncryptedAnnotation] = "true"
 		user.Status = iamv1alpha2.UserStatus{
 			State:              iamv1alpha2.UserActive,
-- 
GitLab