-
Notifications
You must be signed in to change notification settings - Fork 96
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
5ba7dfa
commit f25c1e9
Showing
6 changed files
with
765 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
package update | ||
|
||
// Cockroach roles that we can grant/revoke for users. | ||
const ( | ||
// Fixed fields in the client certificate. Any other values will be rejected by Vault. | ||
// Remember to update <repo root>/conf/policies/intrusion.hcl when updating this list of users. | ||
RootSQLUser = "root" | ||
NodeUser = "node" | ||
AdminRole = "admin" | ||
) | ||
|
||
// internalUsers is a set of SQL users created as part of the managed service, not to be used | ||
// by customers. This struct is used to hide specific users in the console. | ||
var internalUsers = map[string]struct{}{ | ||
RootSQLUser: {}, | ||
NodeUser: {}, | ||
} | ||
|
||
// internalDBs is a set of SQL databases created as part of CRDB, not to be used by customers. | ||
var internalDBs = map[string]struct{}{ | ||
"system": {}, | ||
"postgres": {}, | ||
} | ||
|
||
func IsInternalUser(user string) bool { | ||
_, ok := internalUsers[user] | ||
return ok | ||
} | ||
|
||
func IsInternalDB(db string) bool { | ||
_, ok := internalDBs[db] | ||
return ok | ||
} |
Oops, something went wrong.