crossplane-contrib / provider-sql

An SQL provider for @crossplane
https://crossplane.io
Apache License 2.0

Generated password does not meet default password requirements for mysql user #172

Closed tomjo closed 1 month ago

tomjo commented 4 months ago

What happened?

We're evaluating Crossplane with provider-sql to manage our MySQL resources. We'd like to make use of the generated password feature; however, this uses the default crossplane-runtime password generation settings, which do not include any special characters.

The default MySQL password validation policy (MEDIUM) requires at least one special character: https://dev.mysql.com/doc/mysql-secure-deployment-guide/8.0/en/secure-deployment-password-validation.html

So we're currently not able to create a user without specifying our own passwords: we get a Kubernetes event on the User resource with: cannot create user: Error 1819: Your password does not satisfy the current policy requirements

How can we reproduce it?

Create a User without specifying a password secret ref and point provider-sql at a mysql with the default password validation policy.

What environment did it happen in?

Crossplane version: 1.15.0
provider-sql version: v0.9.0
mysql version: 8.0.34
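The mismatch reported above, as an added Go example (not provider-sql or crossplane-runtime code): a checker for MySQL's default MEDIUM settings (length 8, at least one lowercase, uppercase, digit and special character) and a generator that resamples from the OS CSPRNG until the result passes, suitable for filling a password secret that the User references. The function names, the special-character set and the sample password are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"unicode"
)

// Candidate characters; the special set is an assumption (no quotes or backslash).
const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#%*+-_=?@"
const alnumSample = "Zk3nVq8LmT2xWc7RbY5dHs9Pf4G" // constructed sample: letters and digits only

// MeetsMedium checks the MEDIUM defaults; any non-alphanumeric counts as special.
func MeetsMedium(pw string) bool {
	var lo, up, di, sp bool
	for _, r := range pw {
		lo = lo || unicode.IsLower(r)
		up = up || unicode.IsUpper(r)
		di = di || unicode.IsDigit(r)
		sp = sp || !(unicode.IsLetter(r) || unicode.IsDigit(r))
	}
	return len(pw) >= 8 && lo && up && di && sp
}

// Generate draws uniformly from charset and retries until the policy is met,
// so every compliant password of that length is equally likely.
func Generate(length int) (string, error) {
	if length < 8 {
		return "", fmt.Errorf("length %d is below the policy minimum of 8", length)
	}
	out := make([]byte, length)
	for {
		for i := range out {
			n, err := rand.Int(rand.Reader, big.NewInt(int64(len(charset))))
			if err != nil {
				return "", err
			}
			out[i] = charset[n.Int64()]
		}
		if MeetsMedium(string(out)) {
			return string(out), nil
		}
	}
}

func main() {
	pw, err := Generate(24)
	fmt.Println(err == nil && MeetsMedium(pw), MeetsMedium(alnumSample)) // true false
}
```

The alphanumeric-only sample fails the check for the same reason the server returns Error 1819, while every generated value passes.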

Duologic commented 1 month ago

provider-sql simply uses the upstream-provided function. I think a more complex password generator is out of scope for provider-sql, considering the varying requirements of passwords across organisations.

rradillen commented 1 month ago

That's a bit of a cop-out. This just means it is unusable in any organization with a modern security policy.