rpk: make mechanism flag required in user update

Without this, a user could inadvertently change the
mechanism because we default the flag to
SCRAM-SHA-256.

(cherry picked from commit 07943e6)

src/go/rpk/pkg/cli/acl/user/update.go

@@ -40,8 +40,9 @@ func newUpdateCommand(fs afero.Fs, p *config.Params) *cobra.Command {
 	}
 
 	cmd.Flags().StringVar(&newPass, "new-password", "", "New user's password.")
-	cmd.Flags().StringVar(&mechanism, "mechanism", adminapi.ScramSha256, "SASL mechanism to use for the user you are creating (scram-sha-256, scram-sha-512, case insensitive)")
+	cmd.Flags().StringVar(&mechanism, "mechanism", adminapi.ScramSha256, "SASL mechanism to use for the user you are updating (scram-sha-256, scram-sha-512, case insensitive)")
 	cmd.MarkFlagRequired("new-password")
+	cmd.MarkFlagRequired("mechanism")
 
 	return cmd
 }

tests/rptest/clients/rpk.py

@@ -353,10 +353,11 @@ def sasl_create_user_basic_mix(self,
 
         return self._run(cmd)
 
-    def sasl_update_user(self, user, new_password):
+    def sasl_update_user(self, user, new_password, new_mechanism):
         cmd = [
             "acl", "user", "update", user, "--new-password", new_password,
-            "-X", "admin.hosts=" + self._redpanda.admin_endpoints()
+            "--mechanism", new_mechanism, "-X",
+            "admin.hosts=" + self._redpanda.admin_endpoints()
         ]
         return self._run(cmd)
 

tests/rptest/tests/rpk_acl_test.py

@@ -122,7 +122,8 @@ def test_create_update(self):
         # We check that we can list the topics:
         assert topic in topic_list
 
-        out = self._rpk.sasl_update_user(self.username, new_password)
+        out = self._rpk.sasl_update_user(self.username, new_password,
+                                         self.mechanism)
         assert f'Updated user "{self.username}" successfully' in out
 
         with expect_exception(