Add examples for hash-based User creation

userWithPasswordHash.yaml - Creating a User with SHA-512 hash.
passwordlessUser.yaml - Creating a User with empty hash. Password field is ignored, paswordless user is created.

Author: NikSays

docs/examples/users/README.md

@@ -1,8 +1,15 @@
 # User examples
 
-This section contains 3 examples for creating RabbitMQ users.
-Messaging Topology Operator creates users with generated credentials by default. To create RabbitMQ users with provided credentials, you can reference a kubernetes secret object contains keys `username` and `password` in its Data field.
-See [userPreDefinedCreds.yaml](./userPreDefinedCreds.yaml) and [publish-consume-user.yaml](./publish-consume-user.yaml) as examples.
+This section contains the examples for creating RabbitMQ users.
+
+Messaging Topology Operator creates users with generated credentials by default. To create RabbitMQ users with provided credentials, you can reference a kubernetes secret object with the following keys in its Data field:
+
+* `username` – Must be present or the import will fail.
+* `passwordHash` – The SHA-512 hash of the password, as described in [RabbitMQ Docs](https://www.rabbitmq.com/docs/passwords). If the hash is an empty string, a passwordless user will be created.
+* `password` – Plain-text password. Will be used only if the `passwordHash` key is missing.  
+
+See [userPreDefinedCreds.yaml](./userPreDefinedCreds.yaml), [userWithPasswordHash.yaml](userWithPasswordHash.yaml), [passwordlessUser.yaml](passwordlessUser.yaml) and [publish-consume-user.yaml](./publish-consume-user.yaml) as examples.
+
 From [Messaging Topology Operator v1.10.0](https://github.com/rabbitmq/messaging-topology-operator/releases/tag/v1.10.1), you can provide a username and reply on the Operator to generate its password for you.
 See [setUsernamewithGenPass.yaml](./setUsernamewithGenPass.yaml) as an example.
 

docs/examples/users/passwordlessUser.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: credentials-secret
+type: Opaque
+stringData:
+  username: import-user-sample
+  passwordHash: "" # The user will not have a valid password. Login attempts with any password will be rejected
+  password: anythingreally # This value will be ignored, because `passwordHash` takes precedence
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: User
+metadata:
+  name: import-user-sample
+spec:
+  tags:
+  - management # available tags are 'management', 'policymaker', 'monitoring' and 'administrator'
+  - policymaker
+  rabbitmqClusterReference:
+    name: test # rabbitmqCluster must exist in the same namespace as this resource
+  importCredentialsSecret:
+    name: credentials-secret

docs/examples/users/userWithPasswordHash.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: credentials-secret
+type: Opaque
+stringData:
+  username: import-user-sample
+  passwordHash: SjWbNXaNEwcoOOZWxG6J1HCF5P83lUavsCto+wh1s9zdOfoZ/CPv6l/SSdK3RC2+1QWmJGdYt5740j3ZLf/0RbpusNc= # SHA-512 hash of "some-password"
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: User
+metadata:
+  name: import-user-sample
+spec:
+  tags:
+  - management # available tags are 'management', 'policymaker', 'monitoring' and 'administrator'
+  - policymaker
+  rabbitmqClusterReference:
+    name: test # rabbitmqCluster must exist in the same namespace as this resource
+  importCredentialsSecret:
+    name: credentials-secret