canonical / mysql-operator

Machine charm for MySQL following the operator framework
https://charmhub.io/mysql
Apache License 2.0

DPE-2177 Stop creating root@% user #293

Closed shayancanonical closed 1 year ago

shayancanonical commented 1 year ago

Issue

We are creating the root@% user, which is not used anywhere in the operator. This user poses a security risk.

Solution

Stop creating the root@% user. Thus root@% is no longer exposed to any consuming applications (there don't look to be any applications/relations that were using root@%). Additionally, when using the set-password or get-password actions with username=root, the user root@localhost is affected.

Followups

How to get a consistent list of user, host combinations when upgrading existing clusters

codecov[bot] commented 1 year ago

Codecov Report

Merging #293 (83cb530) into main (2ff030b) will decrease coverage by 0.29%. Report is 2 commits behind head on main. The diff coverage is 50.00%.

@@            Coverage Diff             @@
##             main     #293      +/-   ##
==========================================
- Coverage   63.80%   63.52%   -0.29%     
==========================================
  Files          15       15              
  Lines        2815     2829      +14     
  Branches      365      367       +2     
==========================================
+ Hits         1796     1797       +1     
- Misses        904      916      +12     
- Partials      115      116       +1     
Files Changed                   Coverage Δ
lib/charms/mysql/v0/mysql.py    70.02% <50.00%> (-0.16%) ↓

... and 1 file with indirect coverage changes

paulomach commented 1 year ago

@shayancanonical you can go ahead, I'm dealing with the root removal separately
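
Added example, not part of the original thread or the operator's code: one way to approach the follow-up above, listing privileged accounts with a non-local host (such as root@%) and comparing each cluster's user, host pairs against an expected set. The function names, the `opuser` account, the cluster names and the sample rows are assumptions constructed for illustration.

```python
"""Audit MySQL (user, host) pairs, as returned by `SELECT user, host FROM mysql.user`."""

# Host parts that only allow connections from the database machine itself.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def remote_privileged(rows, privileged=("root",)):
    """Privileged accounts whose host part is not local, e.g. root@%."""
    return sorted(
        {(u, h) for u, h in rows if u in privileged and h.lower() not in LOCAL_HOSTS}
    )


def account_drift(expected, rows_by_cluster):
    """Per cluster: accounts present but not expected, and expected but absent."""
    report = {}
    for cluster, rows in rows_by_cluster.items():
        actual = set(rows)
        unexpected = sorted(actual - expected)
        missing = sorted(expected - actual)
        if unexpected or missing:
            report[cluster] = {"unexpected": unexpected, "missing": missing}
    return report


# Hypothetical expected set after the change: root exists only on localhost.
# "opuser" is a made-up account name, not one the operator is known to create.
EXPECTED = {("root", "localhost"), ("opuser", "%")}

# Constructed rows, not taken from a real deployment.
# "old" was deployed before the change and still carries root@%.
ROWS_BY_CLUSTER = {
    "old": [("root", "localhost"), ("root", "%"), ("opuser", "%")],
    "new": [("root", "localhost"), ("opuser", "%")],
    "partial": [("root", "localhost")],
}

if __name__ == "__main__":
    for cluster, rows in ROWS_BY_CLUSTER.items():
        print(cluster, "remote privileged:", remote_privileged(rows))
    print(account_drift(EXPECTED, ROWS_BY_CLUSTER))
```
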