From 86990d56a13dbdd8a3b7e80efbe8e5ba8dc79cf3 Mon Sep 17 00:00:00 2001
From: r-vasquez <rvasque3@gmail.com>
Date: Tue, 16 Jul 2024 16:55:26 -0700
Subject: [PATCH] rpk: make mechanism flag required in user update

Without this, a user could inadvertently change the
mechanism because we default the flag to
SCRAM-SHA-256.

(cherry picked from commit 07943e66a0f4482f765daea134aa45fef720d1fc)
---
 src/go/rpk/pkg/cli/acl/user/update.go | 3 ++-
 tests/rptest/clients/rpk.py           | 5 +++--
 tests/rptest/tests/rpk_acl_test.py    | 3 ++-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/go/rpk/pkg/cli/acl/user/update.go b/src/go/rpk/pkg/cli/acl/user/update.go
index f0a1bed991df3..64492e481c7a9 100644
--- a/src/go/rpk/pkg/cli/acl/user/update.go
+++ b/src/go/rpk/pkg/cli/acl/user/update.go
@@ -40,8 +40,9 @@ func newUpdateCommand(fs afero.Fs, p *config.Params) *cobra.Command {
 	}
 
 	cmd.Flags().StringVar(&newPass, "new-password", "", "New user's password.")
-	cmd.Flags().StringVar(&mechanism, "mechanism", adminapi.ScramSha256, "SASL mechanism to use for the user you are creating (scram-sha-256, scram-sha-512, case insensitive)")
+	cmd.Flags().StringVar(&mechanism, "mechanism", adminapi.ScramSha256, "SASL mechanism to use for the user you are updating (scram-sha-256, scram-sha-512, case insensitive)")
 	cmd.MarkFlagRequired("new-password")
+	cmd.MarkFlagRequired("mechanism")
 
 	return cmd
 }
diff --git a/tests/rptest/clients/rpk.py b/tests/rptest/clients/rpk.py
index 22e825a72fce9..94222eaeb6f52 100644
--- a/tests/rptest/clients/rpk.py
+++ b/tests/rptest/clients/rpk.py
@@ -353,10 +353,11 @@ def sasl_create_user_basic_mix(self,
 
         return self._run(cmd)
 
-    def sasl_update_user(self, user, new_password):
+    def sasl_update_user(self, user, new_password, new_mechanism):
         cmd = [
             "acl", "user", "update", user, "--new-password", new_password,
-            "-X", "admin.hosts=" + self._redpanda.admin_endpoints()
+            "--mechanism", new_mechanism, "-X",
+            "admin.hosts=" + self._redpanda.admin_endpoints()
         ]
         return self._run(cmd)
 
diff --git a/tests/rptest/tests/rpk_acl_test.py b/tests/rptest/tests/rpk_acl_test.py
index d96f2c682bdd7..26d2b4423c170 100644
--- a/tests/rptest/tests/rpk_acl_test.py
+++ b/tests/rptest/tests/rpk_acl_test.py
@@ -122,7 +122,8 @@ def test_create_update(self):
         # We check that we can list the topics:
         assert topic in topic_list
 
-        out = self._rpk.sasl_update_user(self.username, new_password)
+        out = self._rpk.sasl_update_user(self.username, new_password,
+                                         self.mechanism)
         assert f'Updated user "{self.username}" successfully' in out
 
         with expect_exception(