Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: update system account statements #1435

Merged
merged 1 commit into from
Jan 23, 2025
Merged

chore: update system account statements #1435

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions addons/apecloud-mysql/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,23 +107,28 @@ systemAccounts:
numSymbols: 0
letterCase: MixedCases
- name: kbadmin
statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT ALL PRIVILEGES ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT ALL PRIVILEGES ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: &defaultPasswordGenerationPolicy
length: 16
numDigits: 8
numSymbols: 0
letterCase: MixedCases
- name: kbdataprotection
statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbprobe
statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbmonitoring
statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbreplicator
statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION SLAVE ON ${ALL_DB} TO ${KB_ACCOUNT_NAME} WITH GRANT OPTION;
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION SLAVE ON ${ALL_DB} TO ${KB_ACCOUNT_NAME} WITH GRANT OPTION;
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
tls:
volumeName: tls
Expand Down
3 changes: 2 additions & 1 deletion addons/apecloud-postgresql/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,8 @@ systemAccounts:
letterCase: MixedCases
numDigits: 5
numSymbols: 0
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
tls:
volumeName: tls
mountPath: /etc/pki/tls
Expand Down
21 changes: 14 additions & 7 deletions addons/mysql/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,26 +109,32 @@ systemAccounts:
numSymbols: 0
letterCase: MixedCases
- name: kbadmin
statement: select 1;
statement:
create: select 1;
passwordGenerationPolicy: &defaultPasswordGenerationPolicy
length: 16
numDigits: 8
numSymbols: 0
letterCase: MixedCases
- name: kbdataprotection
statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON ${ALL_DB} TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbprobe
statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbmonitoring
statement: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT REPLICATION CLIENT, PROCESS ON ${ALL_DB} TO ${KB_ACCOUNT_NAME}; GRANT SELECT ON performance_schema.* TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbreplicator
statement: select 1;
statement:
create: select 1;
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: proxysql
statement: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}';
statement:
create: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}';
vars:
- name: CLUSTER_NAME
valueFrom:
Expand Down Expand Up @@ -287,7 +293,8 @@ systemAccounts:
numSymbols: 0
letterCase: MixedCases
- name: proxysql
statement: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}';
statement:
create: CREATE USER IF NOT EXISTS '${KB_ACCOUNT_NAME}' IDENTIFIED BY '${KB_ACCOUNT_PASSWORD}'; GRANT SELECT ON performance_schema.* TO '${KB_ACCOUNT_NAME}'; GRANT SELECT ON sys.* TO '${KB_ACCOUNT_NAME}';
roles:
- name: primary
updatePriority: 2
Expand Down
17 changes: 11 additions & 6 deletions addons/orioledb/templates/cmpd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,23 +67,28 @@ spec:
numSymbols: 0
letterCase: MixedCases
- name: kbadmin
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: &defaultPasswdGenerationPolicy
length: 10
numDigits: 5
numSymbols: 0
letterCase: MixedCases
- name: kbdataprotection
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbprobe
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbmonitoring
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbreplicator
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
tls:
volumeName: tls
Expand Down Expand Up @@ -410,4 +415,4 @@ spec:
medium: Memory
{{- with .Values.shmVolume.sizeLimit }}
sizeLimit: {{ . }}
{{- end }}
{{- end }}
15 changes: 10 additions & 5 deletions addons/postgresql/templates/componentdefinition-12.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,23 +160,28 @@ spec:
numSymbols: 0
letterCase: MixedCases
- name: kbadmin
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: &defaultPasswdGenerationPolicy
length: 10
numDigits: 5
numSymbols: 0
letterCase: MixedCases
- name: kbdataprotection
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbprobe
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbmonitoring
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbreplicator
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
tls:
volumeName: tls
Expand Down
15 changes: 10 additions & 5 deletions addons/postgresql/templates/componentdefinition-14.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,23 +160,28 @@ spec:
numSymbols: 0
letterCase: MixedCases
- name: kbadmin
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: &defaultPasswdGenerationPolicy
length: 10
numDigits: 5
numSymbols: 0
letterCase: MixedCases
- name: kbdataprotection
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbprobe
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbmonitoring
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbreplicator
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
tls:
volumeName: tls
Expand Down
15 changes: 10 additions & 5 deletions addons/postgresql/templates/componentdefinition-15.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,23 +160,28 @@ spec:
numSymbols: 0
letterCase: MixedCases
- name: kbadmin
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: &defaultPasswdGenerationPolicy
length: 10
numDigits: 5
numSymbols: 0
letterCase: MixedCases
- name: kbdataprotection
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbprobe
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbmonitoring
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbreplicator
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
tls:
volumeName: tls
Expand Down
15 changes: 10 additions & 5 deletions addons/postgresql/templates/componentdefinition-16.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,23 +160,28 @@ spec:
numSymbols: 0
letterCase: MixedCases
- name: kbadmin
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: &defaultPasswdGenerationPolicy
length: 10
numDigits: 5
numSymbols: 0
letterCase: MixedCases
- name: kbdataprotection
statement: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} SUPERUSER PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbprobe
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbmonitoring
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH PASSWORD '${KB_ACCOUNT_PASSWORD}'; GRANT pg_monitor TO ${KB_ACCOUNT_NAME};
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
- name: kbreplicator
statement: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
statement:
create: CREATE USER ${KB_ACCOUNT_NAME} WITH REPLICATION PASSWORD '${KB_ACCOUNT_PASSWORD}';
passwordGenerationPolicy: *defaultPasswdGenerationPolicy
tls:
volumeName: tls
Expand Down
Loading