Generated secrets options

[fydrah]

Proposal

By default, the operator generates his secrets for system users (root, xtrabackup, proxyadmin, replication,...etc...).
The current secrets generation is based on constants, prohibiting any customization:

const (
	passwordMaxLen = 20
	passwordMinLen = 16
	passSymbols    = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
		"abcdefghijklmnopqrstuvwxyz" +
		"0123456789" +
		"!#$%&()*+,-.<=>?@[]^_{}~"
)

Proposal would be to have a minimal customization, e.g.:

• Enable/disable special symbols
• Customize min/max password length

we currently have the ability to seed these secrets ourselves, but the password generation from the operator itself remains very convenient when we want to avoid extra-steps to manage the passwords generation.

Use-Case

• Since K8SPXC-1616 first char of a proxyadmin user password must not be a *  #1962 has been merge, we hit very often the issue of an invalid password generated by the operator itself. Having the ability to disable special symbols will fix this issue
• Having the ability to disable special symbols will be really helpful because some of them are not well supported by several tool (mysql prometheus exporter, mysqlsh,..) or custom scripts.

Is this a feature you are interested in implementing yourself?

Yes

Anything else?

No response

[gkech]

Hello @fydrah , thanks for this issue, we prepared this ticket to track this work: https://perconadev.atlassian.net/browse/K8SPXC-1733