chore: update system account statements (#1435)
(cherry picked from commit 405b6f9)
leon-inf committed Jan 23, 2025
1 parent f5f7cd0 commit 2f4a9f5
Showing 8 changed files with 77 additions and 39 deletions.
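--- a/addons/apecloud-mysql/templates/_helpers.tpl
+++ b/addons/apecloud-mysql/templates/_helpers.tpl
@@ -107,23 +107,28 @@ systemAccounts:
 numSymbols: 0
 letterCase: MixedCases
 - name: kbadmin
-statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT ALL PRIVILEGES ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT ALL PRIVILEGES ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: &defaultPasswordGenerationPolicy
 length: 16
 numDigits: 8
 numSymbols: 0
 letterCase: MixedCases
 - name: kbdataprotection
-statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswordGenerationPolicy
 - name: kbprobe
-statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswordGenerationPolicy
 - name: kbmonitoring
-statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswordGenerationPolicy
 - name: kbreplicator
-statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION SLAVE ON ${ALL_DB} TO ${KB_ACCOUNT_NAME} WITH GRANT OPTION;
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION SLAVE ON ${ALL_DB} TO ${KB_ACCOUNT_NAME} WITH GRANT OPTION;
 passwordGenerationPolicy: *defaultPasswordGenerationPolicy
 tls:
 volumeName: tls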
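Review bot: The new `create:` value for kbreplicator keeps `WITH GRANT OPTION` on `GRANT REPLICATION SLAVE`, which lets the replication account pass that privilege on to other users; nothing in this hunk shows a need for it, so consider `create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION SLAVE ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};`. The kbdataprotection entry issues two GRANTs where the second is a superset of the first and includes SUPER; the first GRANT can be dropped, and SUPER deserves a comment naming the backup step that requires it. The same kbdataprotection statement appears in addons/mysql/templates/_helpers.tpl. The systemAccounts list starts before this hunk, so entries outside it are not covered by this note.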
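--- a/addons/apecloud-postgresql/templates/_helpers.tpl
+++ b/addons/apecloud-postgresql/templates/_helpers.tpl
@@ -212,7 +212,8 @@ systemAccounts:
 letterCase: MixedCases
 numDigits: 5
 numSymbols: 0
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 tls:
 volumeName: tls
 mountPath: /etc/pki/tls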
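Review bot: `${KB_ACCOUNT_PASSWORD}` sits inside a single-quoted SQL literal in the new `create:` line, so the statement stays well-formed only while the generated password cannot contain a quote; today that rests on `numSymbols: 0` in the policy just above. How the placeholders are substituted is not visible on this page, so if no escaping happens at that stage, a comment such as `# password is substituted into a quoted SQL literal: keep numSymbols at 0 unless the substitution escapes quotes` would stop a later policy change from breaking or altering the statement. The same pattern is used by every `create:` statement in this commit (both MySQL addons, orioledb and the four postgresql component definitions). `${KB_ACCOUNT_NAME}` is also unquoted here while the proxysql entries in addons/mysql quote it; one convention throughout would be easier to audit.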
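--- a/addons/mysql/templates/_helpers.tpl
+++ b/addons/mysql/templates/_helpers.tpl
@@ -109,26 +109,32 @@ systemAccounts:
 numSymbols: 0
 letterCase: MixedCases
 - name: kbadmin
-statement: select 1;
+statement:
+create: select 1;
 passwordGenerationPolicy: &defaultPasswordGenerationPolicy
 length: 16
 numDigits: 8
 numSymbols: 0
 letterCase: MixedCases
 - name: kbdataprotection
-statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswordGenerationPolicy
 - name: kbprobe
-statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswordGenerationPolicy
 - name: kbmonitoring
-statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswordGenerationPolicy
 - name: kbreplicator
-statement: select 1;
+statement:
+create: select 1;
 passwordGenerationPolicy: *defaultPasswordGenerationPolicy
 - name: proxysql
-statement: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}';
+statement:
+create: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}';
 vars:
 - name: CLUSTER_NAME
 valueFrom:
@@ -278,7 +284,8 @@ systemAccounts:
 numSymbols: 0
 letterCase: MixedCases
 - name: proxysql
-statement: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}';
+statement:
+create: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}';
 roles:
 - name: primary
 updatePriority: 2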
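Review bot: kbadmin and kbreplicator in the first hunk now carry `create: select 1;`, a no-op, while a passwordGenerationPolicy is still attached to both, so presumably a credential is generated for an account this statement never creates. If those users are provisioned elsewhere, say so next to the entry, e.g. `# no-op: user is created outside this statement, TODO name where`; otherwise the stored credential matches no database user. Separately, kbdataprotection, kbprobe and kbmonitoring use plain `CREATE USER` while proxysql uses `CREATE USER IF NOT EXISTS`; using the latter throughout would keep a retried create statement from failing halfway. The second hunk (proxysql) raises nothing further.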
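--- a/addons/orioledb/templates/cmpd.yaml
+++ b/addons/orioledb/templates/cmpd.yaml
@@ -67,23 +67,28 @@ spec:
 numSymbols: 0
 letterCase: MixedCases
 - name: kbadmin
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: &defaultPasswdGenerationPolicy
 length: 10
 numDigits: 5
 numSymbols: 0
 letterCase: MixedCases
 - name: kbdataprotection
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbprobe
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbmonitoring
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbreplicator
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 tls:
 volumeName: tls
@@ -410,4 +415,4 @@ spec:
 medium: Memory
 {{- with .Values.shmVolume.sizeLimit }}
 sizeLimit: {{ . }}
-{{- end }}
+{{- end }}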
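Review bot: kbdataprotection is created with `SUPERUSER`, the same as kbadmin, so the backup credential can do anything on the instance; the privileges a backup role needs are usually much narrower. If the backup tooling really needs superuser, a comment on the entry should say why; otherwise grant only what it uses, for example `WITH REPLICATION` as kbreplicator has if backups run over the replication protocol (to be confirmed against the backup scripts, which are not on this page). Both superuser accounts also use the 10-character, symbol-free password policy shown in the context lines, which is short for that privilege level; raising `length` there would be cheap hardening. The identical statements in addons/postgresql/templates/componentdefinition-12.yaml, -14.yaml, -15.yaml and -16.yaml have the same issue.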
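--- a/addons/postgresql/templates/componentdefinition-12.yaml
+++ b/addons/postgresql/templates/componentdefinition-12.yaml
@@ -160,23 +160,28 @@ spec:
 numSymbols: 0
 letterCase: MixedCases
 - name: kbadmin
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: &defaultPasswdGenerationPolicy
 length: 10
 numDigits: 5
 numSymbols: 0
 letterCase: MixedCases
 - name: kbdataprotection
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbprobe
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbmonitoring
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbreplicator
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 tls:
 volumeName: tls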
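--- a/addons/postgresql/templates/componentdefinition-14.yaml
+++ b/addons/postgresql/templates/componentdefinition-14.yaml
@@ -160,23 +160,28 @@ spec:
 numSymbols: 0
 letterCase: MixedCases
 - name: kbadmin
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: &defaultPasswdGenerationPolicy
 length: 10
 numDigits: 5
 numSymbols: 0
 letterCase: MixedCases
 - name: kbdataprotection
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbprobe
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbmonitoring
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbreplicator
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 tls:
 volumeName: tls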
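--- a/addons/postgresql/templates/componentdefinition-15.yaml
+++ b/addons/postgresql/templates/componentdefinition-15.yaml
@@ -160,23 +160,28 @@ spec:
 numSymbols: 0
 letterCase: MixedCases
 - name: kbadmin
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: &defaultPasswdGenerationPolicy
 length: 10
 numDigits: 5
 numSymbols: 0
 letterCase: MixedCases
 - name: kbdataprotection
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbprobe
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbmonitoring
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbreplicator
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 tls:
 volumeName: tls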
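--- a/addons/postgresql/templates/componentdefinition-16.yaml
+++ b/addons/postgresql/templates/componentdefinition-16.yaml
@@ -160,23 +160,28 @@ spec:
 numSymbols: 0
 letterCase: MixedCases
 - name: kbadmin
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: &defaultPasswdGenerationPolicy
 length: 10
 numDigits: 5
 numSymbols: 0
 letterCase: MixedCases
 - name: kbdataprotection
-statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbprobe
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbmonitoring
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 - name: kbreplicator
-statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
+statement:
+create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
 passwordGenerationPolicy: *defaultPasswdGenerationPolicy
 tls:
 volumeName: tls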
