From fc9eb75b3c1a45e5b8aba4eed1d918f25435a981 Mon Sep 17 00:00:00 2001 From: Kochetkov S Date: Thu, 23 Apr 2026 11:49:57 +0300 Subject: [PATCH] contracts,notes,mapper --- .../bootstrap-jobs/service-bootstrap-jobs.yaml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml b/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml index 982ad42..de5130c 100644 --- a/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml +++ b/clusters/yc-k8s-test/infrastructure/bootstrap-jobs/service-bootstrap-jobs.yaml @@ -232,6 +232,7 @@ spec: command: ["/bin/sh", "-ec"] args: - | + set -e apk add --no-cache bash curl jq kubectl >/dev/null VAULT_ADDR="http://vault-vault-contour.vault.svc:8200" @@ -243,6 +244,7 @@ spec: bootstrap_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/data/kafka/bootstrap")" inter_broker_password="$(echo "${bootstrap_json}" | jq -r '.data.data.interBrokerPassword')" + [ -n "${inter_broker_password}" ] && [ "${inter_broker_password}" != "null" ] list_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/metadata/kafka/apps?list=true")" target_pod="$(kubectl -n kafka get pod kafka-kafka-contour-controller-0 -o jsonpath='{.metadata.name}' 2>/dev/null || true)" if [ -z "${target_pod}" ]; then 
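Review bot: The guard added after the `inter_broker_password` assignment in the `@@ -243,6 +244,7 @@` hunk does not stop the job when the value is empty. Under `set -e`, a failing command in an `&&` list is ignored unless it is the last one, so a false `[ -n ... ]` is skipped and only the `!= "null"` comparison can abort. The script then continues with an empty password and gives no message saying why. An explicit test would cover both cases: `if [ -z "${inter_broker_password}" ] || [ "${inter_broker_password}" = "null" ]; then echo "interBrokerPassword missing in Vault" >&2; exit 1; fi`. The surrounding script starts and ends outside this hunk, so I cannot tell whether a later check catches the empty value.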
@@ -253,6 +255,15 @@ spec: exit 1 fi + admin_props="$(mktemp)" + printf "%s\n" \ + "security.protocol=SASL_PLAINTEXT" \ + "sasl.mechanism=PLAIN" \ + "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username='inter_broker_user' password='${inter_broker_password}';" \ + > "${admin_props}" + kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc 'cat > /tmp/admin.properties' < "${admin_props}" + rm -f "${admin_props}" + for app in $(echo "${list_json}" | jq -r '.data.keys[]?' | sed 's#/$##'); do app_json="$(curl -sS -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/secrets/data/kafka/apps/${app}")" username="$(echo "${app_json}" | jq -r '.data.data.username')" @@ -260,12 +271,8 @@ spec: [ -z "${username}" ] && username="${app}" [ -z "${password}" ] && continue + echo "Reconciling Kafka user ${username}" kubectl -n kafka exec "${target_pod}" -c kafka -- /bin/bash -lc "\ - cat >/tmp/admin.properties <
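Review bot: In the `@@ -253,6 +255,15 @@` hunk, the inter-broker password is written to `/tmp/admin.properties` inside the broker pod with the default umask, and nothing visible in this hunk removes that file afterwards. The remote command could restrict it with `/bin/bash -lc 'umask 077; cat > /tmp/admin.properties'`, and the file could be deleted once the `for app` loop finishes; that loop ends outside the hunk. The local copy has a similar gap: if `kubectl exec` fails, `set -e` ends the script before `rm -f "${admin_props}"` runs, so adding `trap 'rm -f "${admin_props}"' EXIT` right after `mktemp` would make the cleanup unconditional. Separately, the password is placed inside single quotes in `sasl.jaas.config`, so a value containing `'` would presumably produce a malformed JAAS line; a comment stating that constraint on the Vault secret would help.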