Conversation
…, "hidden-brooklyn-password")` so we can use this in examples rather than a plain-text password
also tweak mysql config to set up users slightly better
|
Should we make it easier to disable the provider? That way a "live" deployment of brooklyn would prevent its use. So if a developer forgets to update their yaml to use a real provider it will fail to deploy. |
|
OTOH someone using a live deployment might want to use one of the test blueprints. The docs describe how to change the password: https://github.com/apache/brooklyn-docs/pull/209/files#diff-b6c73a383415d543418f8762ce2dbe9eR79 I think that's sufficient. If someone really wants to disable that key we can tell them to include just the first line there (the provider is present, but empty); if that becomes a popular feature request then we add the ability to completely disable. |
|
note the two other PRs in downstream projects listed above |
| grant usage on *.* to 'brooklyn'@'localhost' identified by 'br00k11n'; | ||
|
|
||
| # the below will create user (and note create user not supported in some dialects) | ||
| grant usage on *.* to 'brooklyn'@'%' identified by '${config["creation.script.password"]}'; |
There was a problem hiding this comment.
Previously @aledsage deleted this version of the visitors creation script. We then found out a lot of downstream projects were using it. Do you think it would be worth adding a default here in case that is true for this file?
|
Ignore me ... It was never added. But i do think the flow i mentioned above would be incredibly useful |
|
@m4rkmckenna there is a "file-based exteranl config supplier" you can use for dev ( But I think that @ahgittin's change here is a separate good addition as it means stock examples can work out-of-the-box without the user having to modify I agree with @drigodwin's suggestion of giving a default in |
|
Good point re examples pointing to master. Will add default password in SQL script with comment (in several places, here and in lib). But we should probably change links in example to point at specific branches too. |
6 participants
some of our tests and examples used plain-text passwords, and this has caused some alarm when people have seen them. we can say "you can use external but we haven't" though isn't it better if our message is "you should use external just like we've shown" ?
this sets up a pre-defined external provider called
brooklyn-demo-samplewhich defineshidden-brooklyn-passwordasbr00k11n.it can be overridden; PR to follow for docs to explain this.
i think examples elsewhere should be updated to use this wherever a plaintext password is encoded in a blueprint for anything other than the simplest teaching example (clearly caveated and linking to the docs). i'll do the rest of the stock brooklyn ones shortly.