Closed tomjo closed 1 month ago
provider-sql simply uses the upstream-provided function. I think a more complex password generator is out of scope for provider-sql, considering the varying requirements of passwords across organisations.
That's a bit of a cop-out. This just means it is unusable in any organization with a modern security policy.
What happened?
We're evaluating Crossplane with provider-sql to manage our MySQL resources. We'd like to make use of the generated password feature; however, this is using the default crossplane-runtime password generation settings, which do not include any special characters.
The default MySQL password validation policy (MEDIUM) requires at least one special character: https://dev.mysql.com/doc/mysql-secure-deployment-guide/8.0/en/secure-deployment-password-validation.html
So we're currently not able to create a user without specifying our own passwords: we get a Kubernetes event on the User resource with: cannot create user: Error 1819: Your password does not satisfy the current policy requirements
How can we reproduce it?
Create a User without specifying a password secret ref and point provider-sql at a MySQL instance with the default password validation policy.
What environment did it happen in?
Crossplane version: 1.15.0
provider-sql version: v0.9.0
MySQL version: 8.0.34
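For the failure reported above, a generator that guarantees every character class and a matching policy check, as an added example (not code from provider-sql or crossplane-runtime). The function names and the special-character set are hypothetical, and the checks assume the MEDIUM defaults of length 8 with at least one lowercase letter, uppercase letter, digit and special character.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"strings"
)

// Classes the assumed MEDIUM policy counts; the special set is a constructed subset.
var classes = []string{
	"abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
	"0123456789", "!#$%&()*+,-.:;<=>?@[]^_{|}~",
}
// randIndex returns a uniform index in [0, n) from the OS CSPRNG.
func randIndex(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // no entropy: fail rather than fall back to a weak source
	}
	return int(v.Int64())
}
// GeneratePolicyPassword (hypothetical) returns a password containing every class.
func GeneratePolicyPassword(length int) (string, error) {
	if length < 8 {
		return "", fmt.Errorf("length %d is below the assumed minimum of 8", length)
	}
	all, out := strings.Join(classes, ""), make([]byte, length)
	for i := range out {
		src := all
		if i < len(classes) {
			src = classes[i] // first slots guarantee one character per class
		}
		out[i] = src[randIndex(len(src))]
	}
	for i := length - 1; i > 0; i-- { // Fisher-Yates: hide the guaranteed slots
		j := randIndex(i + 1)
		out[i], out[j] = out[j], out[i]
	}
	return string(out), nil
}
// SatisfiesMedium (hypothetical) mirrors the assumed MEDIUM length and class checks.
func SatisfiesMedium(pw string) bool {
	ok := len(pw) >= 8
	for _, c := range classes {
		ok = ok && strings.ContainsAny(pw, c)
	}
	return ok
}
func main() { pw, _ := GeneratePolicyPassword(24); fmt.Println(pw, SatisfiesMedium(pw)) }
```

The special set deliberately leaves out quotes and backslashes so the value survives being embedded in a SQL statement or connection string.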