*: add pattern validation for cluster

api/v1alpha1/cluster_types.go

@@ -70,9 +70,12 @@ type ClusterSpec struct {
 
 // MysqlOpts defines the options of MySQL container.
 type MysqlOpts struct {
-	// Password for the root user.
+	// Password for the root user, can be empty or 8~32 characters long.
+	// Only be a combination of uppercase letters, lowercase letters, numbers or special characters.
+	// Special characters are supported: @#$%^&*_+-=.
 	// +optional
 	// +kubebuilder:default:=""
+	// +kubebuilder:validation:Pattern="^$|^[A-Za-z0-9@#$%^&*_+\\-=]{8,32}$"
 	RootPassword string `json:"rootPassword,omitempty"`
 
 	// The root user's host.
@@ -81,13 +84,18 @@ type MysqlOpts struct {
 	RootHost string `json:"rootHost,omitempty"`
 
 	// Username of new user to create.
+	// Only be a combination of letters, numbers or underlines. The length can not exceed 26 characters.
 	// +optional
 	// +kubebuilder:default:="qc_usr"
+	// +kubebuilder:validation:Pattern="^[A-Za-z0-9_]{2,26}$"
 	User string `json:"user,omitempty"`
 
-	// Password for the new user.
+	// Password for the new user, must be 8~32 characters long.
+	// Only be a combination of uppercase letters, lowercase letters, numbers or special characters.
+	// Special characters are supported: @#$%^&*_+-=.
 	// +optional
 	// +kubebuilder:default:="Qing@123"
+	// +kubebuilder:validation:Pattern="^[A-Za-z0-9@#$%^&*_+\\-=]{8,32}$"
 	Password string `json:"password,omitempty"`
 
 	// Name for new database to create.

charts/mysql-operator/crds/mysql.radondb.com_clusters.yaml

@@ -139,7 +139,11 @@ spec:
                     type: object
                   password:
                     default: Qing@123
-                    description: Password for the new user.
+                    description: 'Password for the new user, must be 8~32 characters
+                      long. Only be a combination of uppercase letters, lowercase
+                      letters, numbers or special characters. Special characters are
+                      supported: @#$%^&*_+-=.'
+                    pattern: ^[A-Za-z0-9@#$%^&*_+\-=]{8,32}$
                     type: string
                   resources:
                     default:
@@ -180,11 +184,18 @@ spec:
                     type: string
                   rootPassword:
                     default: ""
-                    description: Password for the root user.
+                    description: 'Password for the root user, can be empty or 8~32
+                      characters long. Only be a combination of uppercase letters,
+                      lowercase letters, numbers or special characters. Special characters
+                      are supported: @#$%^&*_+-=.'
+                    pattern: ^$|^[A-Za-z0-9@#$%^&*_+\-=]{8,32}$
                     type: string
                   user:
                     default: qc_usr
-                    description: Username of new user to create.
+                    description: Username of new user to create. Only be a combination
+                      of letters, numbers or underlines. The length can not exceed
+                      26 characters.
+                    pattern: ^[A-Za-z0-9_]{2,26}$
                     type: string
                 type: object
               mysqlVersion:

cluster/cluster.go

@@ -59,6 +59,14 @@ func (c *Cluster) Unwrap() *apiv1alpha1.Cluster {
 	return c.Cluster
 }
 
+func (c *Cluster) Validate() error {
+	if utils.StringInArray(c.Spec.MysqlOpts.User, []string{"root", utils.ReplicationUser, utils.OperatorUser, utils.MetricsUser}) {
+		return fmt.Errorf("spec.mysqlOpts.user cannot be root|%s|%s|%s", utils.ReplicationUser, utils.OperatorUser, utils.MetricsUser)
+	}
+
+	return nil
+}
+
 // GetLabels returns cluster labels
 func (c *Cluster) GetLabels() labels.Set {
 	instance := c.Name

config/crd/bases/mysql.radondb.com_clusters.yaml

@@ -139,7 +139,11 @@ spec:
                     type: object
                   password:
                     default: Qing@123
-                    description: Password for the new user.
+                    description: 'Password for the new user, must be 8~32 characters
+                      long. Only be a combination of uppercase letters, lowercase
+                      letters, numbers or special characters. Special characters are
+                      supported: @#$%^&*_+-=.'
+                    pattern: ^[A-Za-z0-9@#$%^&*_+\-=]{8,32}$
                     type: string
                   resources:
                     default:
@@ -180,11 +184,18 @@ spec:
                     type: string
                   rootPassword:
                     default: ""
-                    description: Password for the root user.
+                    description: 'Password for the root user, can be empty or 8~32
+                      characters long. Only be a combination of uppercase letters,
+                      lowercase letters, numbers or special characters. Special characters
+                      are supported: @#$%^&*_+-=.'
+                    pattern: ^$|^[A-Za-z0-9@#$%^&*_+\-=]{8,32}$
                     type: string
                   user:
                     default: qc_usr
-                    description: Username of new user to create.
+                    description: Username of new user to create. Only be a combination
+                      of letters, numbers or underlines. The length can not exceed
+                      26 characters.
+                    pattern: ^[A-Za-z0-9_]{2,26}$
                     type: string
                 type: object
               mysqlVersion:

controllers/cluster_controller.go

@@ -77,6 +77,10 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		return ctrl.Result{}, err
 	}
 
+	if err = instance.Validate(); err != nil {
+		return ctrl.Result{}, err
+	}
+
 	status := *instance.Status.DeepCopy()
 	defer func() {
 		if !reflect.DeepEqual(status, instance.Status) {

internal/sql_runner.go

@@ -19,13 +19,14 @@ package internal
 import (
 	"database/sql"
 	"fmt"
-	"sort"
 	"strconv"
 	"strings"
 	"time"
 
 	_ "github.com/go-sql-driver/mysql"
 	corev1 "k8s.io/api/core/v1"
+
+	"github.com/radondb/radondb-mysql-kubernetes/utils"
 )
 
 var (
@@ -118,7 +119,7 @@ func (s *SQLRunner) checkSlaveStatus() (isLagged, isReplicating corev1.Condition
 	lastSQLError := columnValue(scanArgs, cols, "Last_SQL_Error")
 	secondsBehindMaster := columnValue(scanArgs, cols, "Seconds_Behind_Master")
 
-	if stringInArray(slaveIOState, errorConnectionStates) {
+	if utils.StringInArray(slaveIOState, errorConnectionStates) {
 		return isLagged, corev1.ConditionFalse, fmt.Errorf("Slave_IO_State: %s", slaveIOState)
 	}
 
@@ -227,10 +228,3 @@ func columnValue(scanArgs []interface{}, slaveCols []string, colName string) str
 
 	return string(*scanArgs[columnIndex].(*sql.RawBytes))
 }
-
-// stringInArray check whether the str is in the strArray.
-func stringInArray(str string, strArray []string) bool {
-	sort.Strings(strArray)
-	index := sort.SearchStrings(strArray, str)
-	return index < len(strArray) && strArray[index] == str
-}

sidecar/init.go

@@ -88,7 +88,7 @@ func runInitCommand(cfg *Config) error {
 		return fmt.Errorf("failed to save client.conf: %s", err)
 	}
 
-	if err = os.Mkdir(extraConfPath, os.FileMode(0755)); err != nil {
+	if err = os.Mkdir(extraConfPath, os.FileMode(0644)); err != nil {
 		if !os.IsExist(err) {
 			return fmt.Errorf("error mkdir %s: %s", extraConfPath, err)
 		}

utils/common.go

@@ -16,6 +16,8 @@ limitations under the License.
 
 package utils
 
+import "sort"
+
 // Min returns the smallest int64 that was passed in the arguments.
 func Min(a, b uint64) uint64 {
 	if a < b {
@@ -31,3 +33,10 @@ func Max(a, b uint64) uint64 {
 	}
 	return b
 }
+
+// StringInArray check whether the str is in the strArray.
+func StringInArray(str string, strArray []string) bool {
+	sort.Strings(strArray)
+	index := sort.SearchStrings(strArray, str)
+	return index < len(strArray) && strArray[index] == str
+}