aws-samples / aws-secrets-manager-rotation-lambdas

Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager
MIT No Attribution

MySQL MultiUser Increase Username limit from 16 to 32 #110

Closed ivan-georgiev closed 11 months ago

ivan-georgiev commented 1 year ago

Function get_alt_username raises exception if username is above 16 chars, engine limit is 32 ( https://dev.mysql.com/doc/refman/5.7/en/user-names.html )

```python
if len(new_username) > 16:
    raise ValueError("Unable to clone user, username length with _clone appended would exceed 16 characters")
```

itsuki3 commented 1 year ago

Code branching based on version seems necessary.

- For MySQL 5.6 (Aurora 1.x) ... 16 characters
- For MySQL 5.7 (Aurora 2.x) ... 32 characters
- For MySQL 8.0 (Aurora 3.x) ... 32 characters

ivan-georgiev commented 1 year ago

According to the official version documentation, Aurora 1.x is deprecated, so maybe branching is not needed. Source: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.VersionPolicy.html

adrianwright commented 11 months ago

Given that Aurora 1.x is deprecated, would you receive a PR to check for 32 characters instead of 16, in all cases?

crus-umich commented 11 months ago

Hello, in order to maintain backward compatibility we have added a configurable environment variable named 'USERNAME_CHARACTER_LIMIT' to the lambda for MySQL alternating user rotation in this PR. It is defaulted to 16 but can be raised to 32, allowing for usernames up to 26 characters, as we still reserve 6 for the '_clone' suffix.

Here's documentation on customizing your rotation function with this variable
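The following is an added example, not code from this repository or from the PR discussed above, showing the shape of the check described in this thread: a `get_alt_username` that toggles between the base user and its `_clone` counterpart, with the 16-character default made configurable through a `USERNAME_CHARACTER_LIMIT` environment variable. The helper names `get_username_character_limit` and `max_base_username_length`, the `env` parameter (there so the logic can be exercised without touching `os.environ`), and the upper bound of 32 taken from the MySQL 5.7/8.0 limit quoted above are assumptions of this example, not the project's API.

```python
import os

# Suffix the alternating-user strategy appends to derive the clone user.
CLONE_SUFFIX = "_clone"
# Default keeps the historical 16-character behaviour (MySQL 5.6 / Aurora 1.x).
DEFAULT_USERNAME_CHARACTER_LIMIT = 16
# MySQL 5.7+ / Aurora 2.x+ allow 32-character user names (assumed upper bound).
MAX_SUPPORTED_USERNAME_CHARACTER_LIMIT = 32


def get_username_character_limit(env=None):
    """Read the configured limit from USERNAME_CHARACTER_LIMIT.

    `env` defaults to os.environ; it is a parameter only so callers can pass a
    constructed mapping instead of mutating the process environment.
    """
    env = os.environ if env is None else env
    raw = env.get("USERNAME_CHARACTER_LIMIT", str(DEFAULT_USERNAME_CHARACTER_LIMIT))
    try:
        limit = int(raw)
    except ValueError:
        raise ValueError("USERNAME_CHARACTER_LIMIT must be an integer, got %r" % raw)
    # Reject values the engine cannot honour rather than silently creating a
    # user whose name MySQL will truncate or refuse.
    if not 1 <= limit <= MAX_SUPPORTED_USERNAME_CHARACTER_LIMIT:
        raise ValueError(
            "USERNAME_CHARACTER_LIMIT must be between 1 and %d, got %d"
            % (MAX_SUPPORTED_USERNAME_CHARACTER_LIMIT, limit)
        )
    return limit


def max_base_username_length(limit):
    """Longest base user name that still leaves room for the clone suffix."""
    return limit - len(CLONE_SUFFIX)


def get_alt_username(current_username, limit=None):
    """Return the other member of the alternating user pair.

    'app' -> 'app_clone' and 'app_clone' -> 'app'. Raises ValueError when the
    clone name would exceed the configured user-name limit.
    """
    if limit is None:
        limit = get_username_character_limit()
    if current_username.endswith(CLONE_SUFFIX):
        return current_username[: -len(CLONE_SUFFIX)]
    new_username = current_username + CLONE_SUFFIX
    if len(new_username) > limit:
        raise ValueError(
            "Unable to clone user, username length with %s appended would exceed %d characters"
            % (CLONE_SUFFIX, limit)
        )
    return new_username


if __name__ == "__main__":
    # Constructed sample environments: default limit and the raised limit.
    for sample_env in ({}, {"USERNAME_CHARACTER_LIMIT": "32"}):
        limit = get_username_character_limit(sample_env)
        print("limit=%d, longest base user name=%d" % (limit, max_base_username_length(limit)))
        for user in ("app_ro", "a" * 11, "a" * 26, "app_ro_clone"):
            try:
                print("  %s -> %s" % (user, get_alt_username(user, limit)))
            except ValueError as exc:
                print("  %s -> rejected: %s" % (user, exc))
```

With the default, a 10-character base user is the longest that rotates (10 + 6 = 16); raising the variable to 32 admits base names up to 26 characters, which is the arithmetic the comment above describes.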

ivan-georgiev commented 11 months ago

@crus-umich this is ok from a code point of view, but I believe this code is used by the hosted rotation lambda functions, where I do not see an option to modify the ENV. Ref.: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-rotationschedule-hostedrotationlambda.html