crossplane-contrib
role.postgresql: Secret empty when importing existing role
What problem are you facing?
Secret is empty when Crossplane is taking control over existing role in the database. Expected it to be propagated with values, like when creating a new role or when changing password
DB: create role example
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Role
metadata:
name: example
spec:
forProvider: {}
providerConfigRef:
name: <providerConfigRef>
writeConnectionSecretToRef:
name: example
namespace: crossplane-system
How could Crossplane help solve your problem?
By publishing secrets more often.
I am facing exactly same problem but with MySQL User mysql.sql.crossplane.io/v1alpha1/users
I am facing exactly same problem but with MySQL User
mysql.sql.crossplane.io/v1alpha1/users
After investigating this further actually this is correct behaviour! Passwords are stored in database as a in hashed format and there is no way to decrypt it so SQL provider can't do that for us
You can use passwordSecretRef and in that secret set either current password or set new password
When passwordSecretRef is used than all values are propagated to connection secret (tested that with https://doc.crds.dev/github.com/crossplane-contrib/provider-sql/mysql.sql.crossplane.io/User/[email protected])
Yes, but we use IAM authentication on AWS and don't really care about password, but username is known and should be published, even if password is not.
I think you are right @petteja this seems to be a bug
My workaround for that is to set on your Composition fromFieldPath under connectionDetails e.g.
connectionDetails:
- name: uername
fromFieldPath: "metadata.annotations[crossplane.io/external-name]"
- name: endpoint
fromConnectionSecretKey: endpoint