From 2f4a9f57d695c4ffa4e3a855f2c51d1c2b660b66 Mon Sep 17 00:00:00 2001 From: Leon Date: Thu, 23 Jan 2025 15:18:04 +0800 Subject: [PATCH] chore: update system account statements (#1435) (cherry picked from commit 405b6f977f27689b302e290999ae6e3ec8cc0854) --- addons/apecloud-mysql/templates/_helpers.tpl | 15 ++++++++----- .../templates/_helpers.tpl | 3 ++- addons/mysql/templates/_helpers.tpl | 21 ++++++++++++------- addons/orioledb/templates/cmpd.yaml | 17 +++++++++------ .../templates/componentdefinition-12.yaml | 15 ++++++++----- .../templates/componentdefinition-14.yaml | 15 ++++++++----- .../templates/componentdefinition-15.yaml | 15 ++++++++----- .../templates/componentdefinition-16.yaml | 15 ++++++++----- 8 files changed, 77 insertions(+), 39 deletions(-) diff --git a/addons/apecloud-mysql/templates/_helpers.tpl b/addons/apecloud-mysql/templates/_helpers.tpl index fd4f913b4..e54cb7310 100644 --- a/addons/apecloud-mysql/templates/_helpers.tpl +++ b/addons/apecloud-mysql/templates/_helpers.tpl @@ -107,23 +107,28 @@ systemAccounts: numSymbols: 0 letterCase: MixedCases - name: kbadmin - statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT ALL PRIVILEGES ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT ALL PRIVILEGES ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: &defaultPasswordGenerationPolicy length: 16 numDigits: 8 numSymbols: 0 letterCase: MixedCases - name: kbdataprotection - statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswordGenerationPolicy - name: kbprobe - statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswordGenerationPolicy - name: kbmonitoring - statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswordGenerationPolicy - name: kbreplicator - statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION SLAVE ON ${ALL_DB} TO ${KB_ACCOUNT_NAME} WITH GRANT OPTION; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION SLAVE ON ${ALL_DB} TO ${KB_ACCOUNT_NAME} WITH GRANT OPTION; passwordGenerationPolicy: *defaultPasswordGenerationPolicy tls: volumeName: tls diff --git a/addons/apecloud-postgresql/templates/_helpers.tpl b/addons/apecloud-postgresql/templates/_helpers.tpl index 9eff7cda2..ba2cb7df2 100644 --- a/addons/apecloud-postgresql/templates/_helpers.tpl +++ b/addons/apecloud-postgresql/templates/_helpers.tpl @@ -212,7 +212,8 @@ systemAccounts: letterCase: MixedCases numDigits: 5 numSymbols: 0 - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; tls: volumeName: tls mountPath: /etc/pki/tls diff --git a/addons/mysql/templates/_helpers.tpl b/addons/mysql/templates/_helpers.tpl index e68b3e370..61f889df7 100644 --- a/addons/mysql/templates/_helpers.tpl +++ b/addons/mysql/templates/_helpers.tpl @@ -109,26 +109,32 @@ systemAccounts: numSymbols: 0 letterCase: MixedCases - name: kbadmin - statement: select 1; + statement: + create: select 1; passwordGenerationPolicy: &defaultPasswordGenerationPolicy length: 16 numDigits: 8 numSymbols: 0 letterCase: MixedCases - name: kbdataprotection - statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswordGenerationPolicy - name: kbprobe - statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswordGenerationPolicy - name: kbmonitoring - statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswordGenerationPolicy - name: kbreplicator - statement: select 1; + statement: + create: select 1; passwordGenerationPolicy: *defaultPasswordGenerationPolicy - name: proxysql - statement: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}'; + statement: + create: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}'; vars: - name: CLUSTER_NAME valueFrom: @@ -278,7 +284,8 @@ systemAccounts: numSymbols: 0 letterCase: MixedCases - name: proxysql - statement: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}'; + statement: + create: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}'; roles: - name: primary updatePriority: 2 diff --git a/addons/orioledb/templates/cmpd.yaml b/addons/orioledb/templates/cmpd.yaml index b42234bca..0917e099c 100644 --- a/addons/orioledb/templates/cmpd.yaml +++ b/addons/orioledb/templates/cmpd.yaml @@ -67,23 +67,28 @@ spec: numSymbols: 0 letterCase: MixedCases - name: kbadmin - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: &defaultPasswdGenerationPolicy length: 10 numDigits: 5 numSymbols: 0 letterCase: MixedCases - name: kbdataprotection - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbprobe - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbmonitoring - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbreplicator - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy tls: volumeName: tls @@ -410,4 +415,4 @@ spec: medium: Memory {{- with .Values.shmVolume.sizeLimit }} sizeLimit: {{ . }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/addons/postgresql/templates/componentdefinition-12.yaml b/addons/postgresql/templates/componentdefinition-12.yaml index 4493baaba..652ed4c21 100644 --- a/addons/postgresql/templates/componentdefinition-12.yaml +++ b/addons/postgresql/templates/componentdefinition-12.yaml @@ -160,23 +160,28 @@ spec: numSymbols: 0 letterCase: MixedCases - name: kbadmin - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: &defaultPasswdGenerationPolicy length: 10 numDigits: 5 numSymbols: 0 letterCase: MixedCases - name: kbdataprotection - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbprobe - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbmonitoring - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbreplicator - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy tls: volumeName: tls diff --git a/addons/postgresql/templates/componentdefinition-14.yaml b/addons/postgresql/templates/componentdefinition-14.yaml index ede42ee40..830d9e2ae 100644 --- a/addons/postgresql/templates/componentdefinition-14.yaml +++ b/addons/postgresql/templates/componentdefinition-14.yaml @@ -160,23 +160,28 @@ spec: numSymbols: 0 letterCase: MixedCases - name: kbadmin - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: &defaultPasswdGenerationPolicy length: 10 numDigits: 5 numSymbols: 0 letterCase: MixedCases - name: kbdataprotection - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbprobe - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbmonitoring - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbreplicator - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy tls: volumeName: tls diff --git a/addons/postgresql/templates/componentdefinition-15.yaml b/addons/postgresql/templates/componentdefinition-15.yaml index 287761828..a60a5ea03 100644 --- a/addons/postgresql/templates/componentdefinition-15.yaml +++ b/addons/postgresql/templates/componentdefinition-15.yaml @@ -160,23 +160,28 @@ spec: numSymbols: 0 letterCase: MixedCases - name: kbadmin - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: &defaultPasswdGenerationPolicy length: 10 numDigits: 5 numSymbols: 0 letterCase: MixedCases - name: kbdataprotection - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbprobe - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbmonitoring - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbreplicator - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy tls: volumeName: tls diff --git a/addons/postgresql/templates/componentdefinition-16.yaml b/addons/postgresql/templates/componentdefinition-16.yaml index 96148b3f3..eb5f162a7 100644 --- a/addons/postgresql/templates/componentdefinition-16.yaml +++ b/addons/postgresql/templates/componentdefinition-16.yaml @@ -160,23 +160,28 @@ spec: numSymbols: 0 letterCase: MixedCases - name: kbadmin - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: &defaultPasswdGenerationPolicy length: 10 numDigits: 5 numSymbols: 0 letterCase: MixedCases - name: kbdataprotection - statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbprobe - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbmonitoring - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME}; passwordGenerationPolicy: *defaultPasswdGenerationPolicy - name: kbreplicator - statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; + statement: + create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}'; passwordGenerationPolicy: *defaultPasswdGenerationPolicy tls: volumeName: tls