config: revoke privs for default users and roles
All user-defined users and roles are not being removed and their
privileges are not being revoked when this user or role is removed
from config. This is done to prevent extreme repercussions of
misconfiguration, e.g. empty config is provided to cluster and it
breaks up.
Default users and roles are not supposed to be changed, so this rule
does not apply to them. Now all of non-default privileges will be
revoked if such user or role is removed from config.
Default users:
* guest
* admin
Default roles:
* super
* public
* replication
Part of #8967
NO_DOC=documentation request will be filed manually for the whole
credentials
Showing
- changelogs/unreleased/gh-8967-creds-restore-defaults-for-default-user.md 4 additions, 0 deletions...leased/gh-8967-creds-restore-defaults-for-default-user.md
- src/box/lua/config/applier/credentials.lua 29 additions, 0 deletionssrc/box/lua/config/applier/credentials.lua
- test/config-luatest/credentials_applier_test.lua 91 additions, 0 deletionstest/config-luatest/credentials_applier_test.lua
Loading
Please register or sign in to comment