Uploaded image for project: 'Percona Monitoring and Management'
  1. Percona Monitoring and Management
  2. PMM-7015

DBaaS Preview: Create DB cluster with randomly-generated password

Details

    • 2
    • Platform Sprint 33, 01 - Server Integrations
    • Yes
    • Yes
    • Server Integrations

    Description

      User Story:

      • As a PMM Admin user I need to get a random password for every DB cluster I'm creating using DBaaS so that increase the security of my instances

      Suggested implementation:

      1. Create a custom secrest resource like this where the password is a randomly generated and secure password.
      The name should have the form of dbaas + db-cluster-name + db-cluster-type + secrets.yaml

      apiVersion: v1
      kind: Secret
      metadata:
        name: cluster1-mongodb-secrets
      type: Opaque
      stringData:
        MONGODB_BACKUP_USER: backup
        MONGODB_BACKUP_PASSWORD: backup123456
        MONGODB_CLUSTER_ADMIN_USER: clusterAdmin
        MONGODB_CLUSTER_ADMIN_PASSWORD: clusterAdmin123456
        MONGODB_CLUSTER_MONITOR_USER: clusterMonitor
        MONGODB_CLUSTER_MONITOR_PASSWORD: clusterMonitor123456
        MONGODB_USER_ADMIN_USER: userAdmin
        MONGODB_USER_ADMIN_PASSWORD: userAdmin123456
        PMM_SERVER_USER: admin
        PMM_SERVER_PASSWORD: admin 

      **2. kubectl apply - <secrets file from step 1>

      3. Create DB cluster using the same name we use in the metadata: name section of the secrets file.  (cluster1-mongodb-secrets in this example)

      4. Update the Get method  for PSMDB & PXC (example: https://github.com/percona-platform/dbaas-controller/blob/PMM-6899_cluster_external_connections/service/cluster/xtra_db_cluster.go#L220-L243) to retrieve secrets. Secrets can be retrieved from K8 with this command: 

      kubectl get secrets my-cluster-name-secrets -o json  


      UI:

      Out of scope:

      • The ability for the user to change or reset this password from  the UI 
      • If the user changed it from the DB console  - it's ok to show the old one  here, until ^  implemented 

       

      Acceptance Criteria:

      • Password provided by the system for root user are randomized for every DB Cluster

      How to test:

      1. Create DB cluster
      2. Call the GET method to retrieve the user info
      3. Try to connect manually to cluster with credentials received in step 2

      Attachments

        Issue Links

          Activity

            People

              andrii.skomorokhov Andrii Skomorokhov (Inactive)
              roma.novikov Roma Novikov
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Smart Checklist