fix(core): add warning when config admin password is ignored

[thc1006]

Summary

• Add warning log when harbor_admin_password in config is ignored because admin password already exists in database
• Refactor updateInitPassword for testability with dependency injection
• Add unit tests for password initialization scenarios

Background

The harbor_admin_password setting only applies during initial installation. When users modify this value after Harbor is running, the change is silently ignored, leading to "username or password is not correct" errors when they try to login with the new password.

This is documented behavior but causes recurring confusion (see related issues below).

Changes

src/core/main.go

• Extract updateInitPasswordWithMgr to accept user manager as parameter
• Add warning log when config password is set but will not be applied

src/core/main_test.go (new)

• Test: new user password initialization
• Test: existing user password skip
• Test: warning when config password set
• Test: no warning when config password empty

Test Plan

• Unit tests pass locally
• Build passes
• Manual verification with Harbor deployment

Related Issues

Fixes #22704

Related: #21981, #17122, #12639, #11600

[Copilot]

Pull request overview

This PR addresses a common user confusion by adding a warning message when the harbor_admin_password configuration setting is ignored during Harbor startup. The admin password setting only applies during initial installation, and changes after the first run are silently ignored, leading to login errors that are documented but frequently misunderstood.

Key Changes:

• Refactored password initialization logic to support dependency injection for testability
• Added warning log when config admin password is set but won't be applied due to existing database password
• Implemented comprehensive unit tests covering all password initialization scenarios

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
src/core/main.go	Extracted updateInitPasswordWithMgr function with dependency injection and added conditional warning when config password is ignored
src/core/main_test.go	Added four unit tests covering new user password initialization, existing user skip behavior, warning presence/absence scenarios

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

❌ Patch coverage is 83.33333% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 68.62%. Comparing base (c8c11b4) to head (3760df0).
⚠️ Report is 612 commits behind head on main.

Files with missing lines	Patch %	Lines
src/core/main.go	83.33%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##             main   #22709       +/-   ##
===========================================
+ Coverage   45.36%   68.62%   +23.26%     
===========================================
  Files         244      821      +577     
  Lines       13333   101831    +88498     
  Branches     2719        0     -2719     
===========================================
+ Hits         6049    69886    +63837     
- Misses       6983    28057    +21074     
- Partials      301     3888     +3587     

Flag	Coverage Δ
unittests	68.62% <83.33%> (+23.26%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
src/core/main.go	4.58% <83.33%> (ø)

... and 1052 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[thc1006]

TL;DR: Kindly requesting a re-run of the failed APITEST_DB_PROXY_CACHE job and the addition of a release-note/fix label. Both failures appear unrelated to the code changes in this PR.

---

Dear maintainers,

Thank you very much for taking the time to review this pull request. I have carefully analyzed the CI failures and would like to respectfully share my findings.

Regarding APITEST_DB_PROXY_CACHE failure:

The test failure shows Test Case - Proxy Cache | FAIL | 1 != 0, which appears to be a flaky test or infrastructure-related issue. This PR only modifies the admin password warning logic in src/core/main.go and its corresponding unit tests, and does not touch any Proxy Cache functionality. I have observed that other recent PRs have also experienced similar intermittent failures with this particular test.

I would be most grateful if you could kindly re-run the failed job at your convenience.

Regarding Check release-note label set failure:

This PR requires a release-note/* label to pass the CI check. Since this is a bug fix that addresses issue #22704, I believe release-note/fix would be the appropriate label.

Would you be so kind as to add this label when you have a moment?

I sincerely apologize for any inconvenience this request may cause. Please do not hesitate to let me know if there is anything I should modify or if you have any concerns about the implementation.

Thank you very much for your time and consideration.

Best regards

[wy65701436]

How can we determine whether the user is a Harbor admin? At the very least, should we check the user ID?