Support Optional Super/Root User in Instance Create
[Current Behavior]
When creating a database instance, initial databases and users can optionally be included in the request:
POST /instances
{
"instance": {
"name": "my_db",
{
}
],
"users": [
{
],
}
],
...
}
}
An important behavior to note is that when a user is provided without a list of databases:
"users": [
{
}
],
the user is still created, but without grants for any databases.
Summary: It's possible to create initial users and databases, but it's impossible to create superusers (i.e. the equivalent of a master user/password as seen in other DBaaS offerings).
Granted, it's possible to create/reset the root user, but it must be done as a separate request, after the instance has initialized.
[Options]
Implementations Considered:
#1) Add something resembling 'CONF.default_
#2) Add something resembling 'CONF.root_
#3) Re-purpose the empty-database-list use-case above as follows: If a user is provided without a list of databases, it is assumed that the user should be classified as a superuser and granted the privileges defined by CONF.root_
#4) Re-purpose the empty-database-list use-case above as follows: If the 'root' user is provided without a list of databases, it is assumed that the 'root' user should be enabled with the provided password, and granted the privileges defined by CONF.root_
Option #3 Considerations:
(3-1) With Option #3, should RootHistory still be observed?
(3-2) With Option #3, should customers not only be able to create superusers in 'create instance', but in 'create user' as well?
(3-3) With Option #3, should the customer be limited to one superuser (not including root)?
[Consensus]
Option #1 has horrifying security implications (depending on the environment), and requires the provider to message/explain the default password.
Option #3 with (3-1) and (3-2) is fairly sane, but it was decided that Option #2 was the simplest and easiest to reason about. The lack of a master/super username in Option #2 will work in our favor when multiple service types are supported, considering that some offerings don't have a root username (Redis), and others have a different root username (Cassandra).
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- High
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- Auston McReynolds
- Definition:
- Approved
- Series goal:
- Accepted for icehouse
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Auston McReynolds
- Completed by
- Auston McReynolds
Related branches
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Support Optional Super User in Instance Create