percona · inelpandzic · Sep 26, 2024 · Sep 26, 2024 · Sep 26, 2024 · Oct 2, 2024
@@ -10230,6 +10230,34 @@ spec:
                   versionServiceEndpoint:
                     type: string
                 type: object
+              users:
+                items:
+                  properties:
+                    dbs:
+                      items:
+                        type: string
+                      type: array
+                    grants:
+                      items:
+                        type: string
+                      type: array
+                    hosts:
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      type: string
+                    passwordSecretRef:
+                      properties:
+                        key:
+                          type: string
+                        name:
+                          type: string
+                      type: object
+                    withGrantOption:
+                      type: boolean
+                  type: object
+                type: array
               vaultSecretName:
                 type: string
             type: object

@@ -11132,6 +11132,34 @@ spec:
                   versionServiceEndpoint:
                     type: string
                 type: object
+              users:
+                items:
+                  properties:
+                    dbs:
+                      items:
+                        type: string
+                      type: array
+                    grants:
+                      items:
+                        type: string
+                      type: array
+                    hosts:
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      type: string
+                    passwordSecretRef:
+                      properties:
+                        key:
+                          type: string
+                        name:
+                          type: string
+                      type: object
+                    withGrantOption:
+                      type: boolean
+                  type: object
+                type: array
               vaultSecretName:
                 type: string
             type: object

@@ -556,6 +556,24 @@ spec:
       requests:
         memory: 100M
         cpu: 200m
+
+#  users:
+#  - name: my-user
+#    dbs:
+#    - db1
+#    - db2
+#    hosts:
+#    - localhost
+#    grants:
+#    - SELECT
+#    - DELETE
+#    - INSERT
+#    withGrantOption: true
+#    passwordSecretRef:
+#      name: my-user-pwd
+#      key: my-user-pwd-key
+#  - name: my-user-two
+
   pmm:
     enabled: false
     image: perconalab/pmm-client:dev-latest

@@ -11132,6 +11132,34 @@ spec:
                   versionServiceEndpoint:
                     type: string
                 type: object
+              users:
+                items:
+                  properties:
+                    dbs:
+                      items:
+                        type: string
+                      type: array
+                    grants:
+                      items:
+                        type: string
+                      type: array
+                    hosts:
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      type: string
+                    passwordSecretRef:
+                      properties:
+                        key:
+                          type: string
+                        name:
+                          type: string
+                      type: object
+                    withGrantOption:
+                      type: boolean
+                  type: object
+                type: array
               vaultSecretName:
                 type: string
             type: object

@@ -11132,6 +11132,34 @@ spec:
                   versionServiceEndpoint:
                     type: string
                 type: object
+              users:
+                items:
+                  properties:
+                    dbs:
+                      items:
+                        type: string
+                      type: array
+                    grants:
+                      items:
+                        type: string
+                      type: array
+                    hosts:
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      type: string
+                    passwordSecretRef:
+                      properties:
+                        key:
+                          type: string
+                        name:
+                          type: string
+                      type: object
+                    withGrantOption:
+                      type: boolean
+                  type: object
+                type: array
               vaultSecretName:
                 type: string
             type: object

@@ -0,0 +1 @@
+100500
@@ -0,0 +1 @@
+user-five	%
@@ -0,0 +1,2 @@
+GRANT SELECT ON *.* TO `user-five`@`%`
+GRANT REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN ON *.* TO `user-five`@`%`
@@ -0,0 +1 @@
+user-four	%
@@ -0,0 +1,3 @@
+GRANT SELECT ON *.* TO `user-four`@`%`
+GRANT REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN ON *.* TO `user-four`@`%`
+GRANT INSERT ON `test1`.* TO `user-four`@`%`
@@ -0,0 +1,2 @@
+GRANT SELECT ON *.* TO `user-four`@`%`
+GRANT REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN ON *.* TO `user-four`@`%`
@@ -0,0 +1,2 @@
+user-one	%
+user-one	127.0.0.1
@@ -0,0 +1,3 @@
+GRANT USAGE ON *.* TO `user-one`@`127.0.0.1`
+GRANT SELECT, INSERT ON `db1`.* TO `user-one`@`127.0.0.1`
+GRANT SELECT, INSERT ON `db2`.* TO `user-one`@`127.0.0.1`
@@ -0,0 +1,3 @@
+GRANT USAGE ON *.* TO `user-one`@`%`
+GRANT SELECT, INSERT ON `db1`.* TO `user-one`@`%`
+GRANT SELECT, INSERT ON `db2`.* TO `user-one`@`%`
@@ -0,0 +1 @@
+user-three	%
@@ -0,0 +1 @@
+GRANT USAGE ON *.* TO `user-three`@`%`
@@ -0,0 +1 @@
+user-two	%
@@ -0,0 +1 @@
+GRANT INSERT, UPDATE ON *.* TO `user-two`@`%`
@@ -0,0 +1,124 @@
+apiVersion: pxc.percona.com/v1-6-0
+kind: PerconaXtraDBCluster
+metadata:
+  name: some-name
+  finalizers:
+    - percona.com/delete-pxc-pods-in-order
+spec:
+  secretsName: my-cluster-secrets
+  vaultSecretName: some-name-vault
+  pause: false
+
+  users:
+  - name: user-one
+    dbs:
+    - db1
+    - db2
+    hosts:
+    - '%'
+    - '127.0.0.1'
+    grants:
+    - SELECT
+    - INSERT
+    passwordSecretRef:
+      name: user-secrets
+      key: pwd-key-one
+  - name: user-two
+    hosts:
+    - '%'
+    grants:
+    - INSERT
+    - UPDATE
+    passwordSecretRef:
+      name: user-secrets # will use default user password key
+  - name: user-three # will use generated password
+
+  pxc:
+    size: 3
+    image: -pxc
+    resources:
+      requests:
+        memory: 0.1G
+        cpu: 100m
+      limits:
+        memory: "1G"
+        cpu: "1"
+    volumeSpec:
+      persistentVolumeClaim:
+        resources:
+          requests:
+            storage: 2Gi
+    affinity:
+      antiAffinityTopologyKey: "kubernetes.io/hostname"
+    podDisruptionBudget:
+      maxUnavailable: 1
+  haproxy:
+    enabled: true
+    size: 3
+    image: -haproxy
+    affinity:
+      antiAffinityTopologyKey: "kubernetes.io/hostname"
+    tolerations:
+    - key: "node.alpha.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationSeconds: 6000
+    podDisruptionBudget:
+      maxUnavailable: 2
+  proxysql:
+    enabled: false
+    size: 2
+    image: -proxysql
+    resources:
+      requests:
+        memory: 0.1G
+        cpu: 100m
+      limits:
+        memory: 1G
+        cpu: 700m
+    volumeSpec:
+      persistentVolumeClaim:
+        resources:
+          requests:
+            storage: 2Gi
+    affinity:
+      antiAffinityTopologyKey: "kubernetes.io/hostname"
+    podDisruptionBudget:
+      maxUnavailable: 1
+  pmm:
+    enabled: false
+    image: perconalab/pmm-client:1.17.1
+    serverHost: monitoring-service
+    serverUser: pmm
+  backup:
+    image: -backup
+    serviceAccountName: default
+    storages:
+      pvc:
+        type: filesystem
+        volume:
+          persistentVolumeClaim:
+            accessModes: [ "ReadWriteOnce" ]
+            resources:
+              requests:
+                storage: 1Gi
+      aws-s3:
+        type: s3
+        s3:
+          region: us-east-1
+          bucket: operator-testing
+          credentialsSecret: aws-s3-secret
+      minio:
+        type: s3
+        s3:
+          credentialsSecret: minio-secret
+          region: us-east-1
+          bucket: operator-testing
+          endpointUrl: http://minio-service:9000/
+      gcp-cs:
+        type: s3
+        s3:
+          credentialsSecret: gcp-cs-secret
+          region: us-east-1
+          bucket: operator-testing
+          endpointUrl: https://storage.googleapis.com
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: user-secrets
+type: Opaque
+stringData:
+  pwd-key-one: testpass
+  pwd-key-two: testpass2
+  password: testpass3
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+#   name: user-secrets-two
+# type: Opaque
+# stringData:
+#   pwd-key: testpass
+#   password: testpass