radondb-mysql-kubernetes
radondb-mysql-kubernetes copied to clipboard
[Feature] Support Mutate MySQL user's password
Is your feature request related to a problem? Please describe.
- It's a bad way to update the user password by deleting and then recreating it,
DELETE
is dangerous. - It's may not a k8s style operation.
Describe the solution you'd like
ideas of user's reconciliation
- create user if not exists
- watch
userpassword-secret
and reconcile user's password with it - reoncile user's permissions with permissions in mysqluser CR
- users managed by MySQL Operator can no longer change the password in the other way!!!
POC:
mysql> CREATE USER IF NOT EXISTS 'larryhuang'@'%' identified by 'mypassword';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> SELECT count(1) password_matched from mysql.user where user='larryhuang' and authentication_string=PASSWORD('mypassword');
+------------------+
| password_matched |
+------------------+
| 1 |
+------------------+
1 row in set, 1 warning (0.00 sec)
mysql> UPDATE mysql.user SET authentication_string=PASSWORD('mynewpassword') WHERE user = 'larryhuang';
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 1
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Describe alternatives you've considered
Additional context