Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password rotation of the default user. #568

Closed
samof76 opened this issue Feb 26, 2023 · 2 comments · May be fixed by #570
Closed

Password rotation of the default user. #568

samof76 opened this issue Feb 26, 2023 · 2 comments · May be fixed by #570
Labels
stale

Comments

@samof76
Copy link
Contributor

samof76 commented Feb 26, 2023

The default user is responsible for the all the control plane operations, hence password rotation for this user is not well defined has some glaring holes like the following.

Scenario One

  1. Update the password for default user
  2. Operator will immediately start using the password

All operator calls to the master and replicas, will fail as the password does not propogate, unless there is restart.

Scenario Two

  1. Update the password for default user
  2. Try to initial as rolling restart of the Redis pods(manually)

Replication will fail as the master will have different password(older) than the replicas(new password). This defeats the failover.

Scenrario three

  1. Update the password for default user

Coordinating the password propogration and the application rollout is extremely difficult

Solution

Use acl based management of the default user.
@samof76 samof76 mentioned this issue Feb 27, 2023
Open
@github-actions
Copy link

This issue is stale because it has been open for 45 days with no activity.

@github-actions github-actions bot added the stale label Apr 13, 2023
@github-actions
Copy link

This issue was closed because it has been inactive for 14 days since being marked as stale.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Making an ACL for the default user pych/redis-operator
1 participant
@samof76