cli/demo: provision an initial non-root "demo" user #54749
cli/demo: provision an initial non-root "demo" user #54749craig[bot] merged 5 commits intocockroachdb:masterfrom
root "demo" user #54749Conversation
This makes it easier to process a file other than the standard input. Release note: None
root "demo" user
|
This change is |
1b286b4 to
cf81313
Compare
pkg/cli/initial_sql.go
Outdated
| // a cluster is started for the first time. | ||
| // | ||
| // The "startSingleNode" argument is true for `start-single-node` | ||
| // and `cockroach demo` with 2 nodes or less. |
There was a problem hiding this comment.
[nit] rephrase to use "fewer" instead?
pkg/cli/initial_sql.go
Outdated
| func runInitialSQL(ctx context.Context, s *server.Server, startSingleNode bool) error { | ||
| if startSingleNode && s.InitialStart() { | ||
| // For start-single-node, set the default replication factor to | ||
| // 1 so as to avoid warning message and unnecessary rebalance |
There was a problem hiding this comment.
"1 to avoid the warning message..."?
pkg/security/password.go
Outdated
| const symbols = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" | ||
| var result strings.Builder | ||
| for i := 0; i < length; i++ { | ||
| r := rand.Intn(len(symbols)) |
There was a problem hiding this comment.
🐶 🔍 isn't math/rand in appropriate here? I thought that was what we had crypto/rand for.
There was a problem hiding this comment.
I realize it doesn't matter now, it's just used for cockroach demo, but GenerateRandomPassword within pkg/security seems too enticing for use elsewhere. If the intent here is to have it only used in cockroach demo, should we rename/add a caveat somewhere? Again, 🐶 🔍
Release note (cli change): `cockroach sql` and `cockroach demo` now support the command-line parameter `--input-file` (shorthand `-f`) to read commands from a named file. The behavior is the same as if the file was redirected on the standard input; in particular, the processing stops at the first error encountered (which is different from interactive usage with a prompt). Note that it is not (yet) possible to combine `-f` with `-e`.
cf81313 to
9884177
Compare
knz
left a comment
There was a problem hiding this comment.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @arulajmani, @irfansharif, and @otan)
pkg/security/password.go, line 102 at r4 (raw file):
Previously, irfansharif (irfan sharif) wrote…
I realize it doesn't matter now, it's just used for
cockroach demo, but GenerateRandomPassword within pkg/security seems too enticing for use elsewhere. If the intent here is to have it only used incockroach demo, should we rename/add a caveat somewhere? Again, 🐶 🔍
Done.
pkg/cli/initial_sql.go, line 27 at r3 (raw file):
Previously, irfansharif (irfan sharif) wrote…
[nit] rephrase to use "fewer" instead?
Done.
pkg/cli/initial_sql.go, line 31 at r3 (raw file):
Previously, irfansharif (irfan sharif) wrote…
"1 to avoid the warning message..."?
Done.
This also makes `cockroach demo` and `cockroach start` share the same initialization function. Release note (cli change): The large banner message "Replication has been disabled for this cluster ..." that was unconditionally emitted on the standard error stream for `cockroach start-single-node` has now become a simple log message at severity INFO.
This implements an alphanumeric password generator. Release note: None
Release note (cli change): `cockroach demo` now pre-creates a `demo` user account with a random password, instead of letting (and encouraging) the user to use the `root` account directly. The `demo` account is currently granted the `admin` role.
9884177 to
aff9c7c
Compare
|
bors r=irfansharif |
|
Build succeeded: |
Fixes #54557.
Requested by @jseldess
First 2 commits from #54741 (can be ignored during review)
Release note (cli change):
cockroach demonow pre-creates ademouser account with a random password, instead of letting (and
encouraging) the user to use the
rootaccount directly.The
demoaccount is currently granted theadminrole.