def __init__(self, password=None, *args, **kwargs):
        if password is None:
            password = utils.generate_random_password()

        # TODO(pmalik): Name should really be 'Administrator' instead.
        super(CouchbaseRootUser, self).__init__("root", password=password,
                                                *args, **kwargs)

    def enable_root(cls, root_password=None):
        """Enable access with the sys user and/or
           reset the sys password.
        """
        if root_password:
            sys_pwd = root_password
        else:
            sys_pwd = utils.generate_random_password(password_length=30)

        ora_admin = OracleAdmin()
        databases, marker = ora_admin.list_databases()
        for database in databases:
            oradb = models.OracleSchema.deserialize_schema(database)
            with LocalOracleClient(oradb.name, service=True) as client:
                client.execute('alter user sys identified by "%s"' %
                               sys_pwd)

        oracnf = OracleConfig()
        oracnf.enable_root()
        oracnf.sys_password = sys_pwd
        LOG.debug('enable_root completed')

        user = models.RootUser()
        user.name = "sys"
        user.host = "%"
        user.password = sys_pwd
        return user.serialize()

 def _add_query_routers(self, query_routers, config_server_ips,
                        admin_password=None):
     """Configure the given query routers for the cluster.
     If this is a new_cluster an admin user will be created with a randomly
     generated password, else the password needs to be retrieved from
     and existing query router.
     """
     LOG.debug('adding new query router(s) %s with config server '
               'ips %s' % ([i.id for i in query_routers],
                           config_server_ips))
     for query_router in query_routers:
         try:
             LOG.debug("calling add_config_servers on query router %s"
                       % query_router.id)
             guest = self.get_guest(query_router)
             guest.add_config_servers(config_server_ips)
             if not admin_password:
                 LOG.debug("creating cluster admin user")
                 admin_password = utils.generate_random_password()
                 guest.create_admin_user(admin_password)
             else:
                 guest.store_admin_password(admin_password)
         except Exception:
             LOG.exception(_("error adding config servers"))
             self.update_statuses_on_failure(self.id)
             return False
     return True

    def _create_replication_user(self):
        replication_user = None
        replication_password = utils.generate_random_password(16)

        mysql_user = models.MySQLUser()
        mysql_user.password = replication_password

        retry_count = 0

        while replication_user is None:
            try:
                mysql_user.name = 'slave_' + str(uuid.uuid4())[:8]
                MySqlAdmin().create_user([mysql_user.serialize()])
                LOG.debug("Trying to create replication user " +
                          mysql_user.name)
                replication_user = {
                    'name': mysql_user.name,
                    'password': replication_password
                }
            except Exception:
                retry_count += 1
                if retry_count > 5:
                    LOG.error(_("Replication user retry count exceeded"))
                    raise

        return replication_user

 def create_database(self, databases):
     """Create the given database(s)."""
     dbName = None
     db_create_failed = []
     LOG.debug("Creating Oracle databases.")
     ora_conf = OracleConfig()
     for database in databases:
         oradb = models.OracleSchema.deserialize_schema(database)
         dbName = oradb.name
         ora_conf.db_name = dbName
         LOG.debug("Creating Oracle database: %s." % dbName)
         try:
             sys_pwd = utils.generate_random_password(password_length=30)
             ora_conf.sys_password = sys_pwd
             run_command(system.CREATE_DB_COMMAND %
                         {'gdbname': dbName, 'sid': dbName,
                          'pswd': sys_pwd, 'db_ram': CONF.get(MANAGER).db_ram_size,
                          'template': CONF.get(MANAGER).template})
             client = LocalOracleClient(sid=dbName, service=True, user_id='sys', password=sys_pwd)
             self._create_admin_user(client)
             self.create_cloud_user_role(database)
         except exception.ProcessExecutionError:
             LOG.exception(_(
                 "There was an error creating database: %s.") % dbName)
             db_create_failed.append(dbName)
             pass
     if len(db_create_failed) > 0:
         LOG.exception(_("Creating the following databases failed: %s.") %
                       db_create_failed)

 def _create_admin_user(self, context):
     """Create an administrative user for Trove.
     Force password encryption.
     """
     password = utils.generate_random_password()
     os_admin = {"_name": self.ADMIN_USER, "_password": password, "_databases": [{"_name": self.ADMIN_USER}]}
     self._create_user(context, os_admin, True, *self.ADMIN_OPTIONS)

 def enable_root(self, root_password=None):
     """Resets the root password."""
     LOG.info(_LI("Enabling root."))
     user = models.RootUser()
     user.name = "root"
     user.host = "%"
     user.password = root_password or utils.generate_random_password()
     if not self.is_root_enabled():
         self._create_user(user.name, user.password, 'pseudosuperuser')
     else:
         LOG.debug("Updating %s password." % user.name)
         try:
             out, err = system.exec_vsql_command(
                 self._get_database_password(),
                 system.ALTER_USER_PASSWORD % (user.name, user.password))
             if err:
                 if err.is_warning():
                     LOG.warning(err)
                 else:
                     LOG.error(err)
                     raise RuntimeError(_("Failed to update %s "
                                          "password.") % user.name)
         except exception.ProcessExecutionError:
             LOG.error(_("Failed to update %s password.") % user.name)
             raise RuntimeError(_("Failed to update %s password.")
                                % user.name)
     return user.serialize()

 def _generate_database_password(self):
     """Generate and write the password to vertica.cnf file."""
     config = ConfigParser.ConfigParser()
     config.add_section('credentials')
     config.set('credentials', 'dbadmin_password',
                utils.generate_random_password())
     self.write_config(config)

    def secure(self, config_contents, overrides):
        LOG.info(_("Generating admin password."))
        admin_password = utils.generate_random_password()
        service_base.clear_expired_password()
        engine = sqlalchemy.create_engine("mysql://root:@127.0.0.1:3306",
                                          echo=True)
        with LocalSqlClient(engine) as client:
            self._remove_anonymous_user(client)
            self._create_admin_user(client, admin_password)
        self.stop_db()
        self._reset_configuration(config_contents, admin_password)
        self._apply_user_overrides(overrides)
        self.start_mysql()
        # TODO(cp16net) figure out reason for PXC not updating the password
        try:
            with LocalSqlClient(engine) as client:
                query = text("select Host, User from mysql.user;")
                client.execute(query)
        except Exception:
            LOG.debug('failed to query mysql')
        # creating the admin user after the config files are written because
        # percona pxc was not commiting the grant for the admin user after
        # removing the annon users.
        self._wait_for_mysql_to_be_really_alive(
            CONF.timeout_wait_for_service)
        with LocalSqlClient(engine) as client:
            self._create_admin_user(client, admin_password)
        self.stop_db()

        self._reset_configuration(config_contents, admin_password)
        self._apply_user_overrides(overrides)
        self.start_mysql()
        self._wait_for_mysql_to_be_really_alive(
            CONF.timeout_wait_for_service)
        LOG.debug("MySQL secure complete.")

    def secure(self):
        """Create the Trove admin user.

        The service should not be running at this point.
        This will enable role-based access control (RBAC) by default.
        """
        if self.status.is_running:
            raise RuntimeError(_("Cannot secure the instance. "
                                 "The service is still running."))

        temp_changeid = 'localhost_auth_bypass'
        self.configuration_manager.apply_system_override(
            {'setParameter': {'enableLocalhostAuthBypass': True}},
            temp_changeid)
        try:
            self.configuration_manager.apply_system_override(
                {'security': {'authorization': 'enabled'}})
            self.start_db(update_db=False)
            password = utils.generate_random_password()
            self.create_admin_user(password)
            LOG.debug("MongoDB secure complete.")
        finally:
            self.configuration_manager.remove_system_override(
                temp_changeid)
            self.stop_db()

 def _generate_root_password(client):
     """Generate and set a random root password and forget about it."""
     localhost = "localhost"
     uu = sql_query.UpdateUser("root", host=localhost,
                               clear=utils.generate_random_password())
     t = text(str(uu))
     client.execute(t)

    def secure(self, update_user=None, password=None):
        """Configure the Trove administrative user.
        Update an existing user if given.
        Create a new one using the default database credentials
        otherwise and drop the built-in user when finished.
        """
        LOG.info(_('Configuring Trove superuser.'))

        if password is None:
            password = utils.generate_random_password()

        admin_username = update_user.name if update_user else self._ADMIN_USER
        os_admin = models.CassandraUser(admin_username, password)

        if update_user:
            CassandraAdmin(update_user).alter_user_password(os_admin)
        else:
            cassandra = models.CassandraUser(
                self.default_superuser_name, self.default_superuser_password)
            CassandraAdmin(cassandra)._create_superuser(os_admin)
            CassandraAdmin(os_admin).drop_user(cassandra)

        self._update_admin_credentials(os_admin)

        return os_admin

 def root(cls, name=None, password=None, *args, **kwargs):
     if not name:
         name = cls.root_username
     if not password:
         password = utils.generate_random_password()
     user = cls(name, password, *args, **kwargs)
     user.make_root()
     return user

 def _mangle_config_command_name(self):
     """Hide the 'CONFIG' command from the clients by renaming it to a
     random string known only to the guestagent.
     Return the mangled name.
     """
     mangled = utils.generate_random_password()
     self._rename_command('CONFIG', mangled)
     return mangled

 def _secure(self, context):
     # Create a new administrative user for Trove and also
     # disable the built-in superuser.
     self.create_database(context, [{"_name": self.ADMIN_USER}])
     self._create_admin_user(context)
     pgutil.PG_ADMIN = self.ADMIN_USER
     postgres = {"_name": self.PG_BUILTIN_ADMIN, "_password": utils.generate_random_password()}
     self.alter_user(context, postgres, "NOSUPERUSER", "NOLOGIN")

 def _generate_root_password(client):
     """Generate and set a random root password and forget about it."""
     localhost = "localhost"
     uu = sql_query.SetPassword(
         models.MySQLUser.root_username, host=localhost,
         new_password=utils.generate_random_password())
     t = text(str(uu))
     client.execute(t)

 def __init__(self, password=None):
     super(MySQLRootUser, self).__init__()
     self._name = "root"
     self._host = "%"
     if password is None:
         self._password = utils.generate_random_password()
     else:
         self._password = password

    def __init__(self, password=None, *args, **kwargs):
        if password is None:
            pwd_len = min(self.MAX_PASSWORD_LEN, CONF.default_password_length)
            password = utils.generate_random_password(pwd_len)

        # TODO(pmalik): Name should really be 'Administrator' instead.
        super(CouchbaseRootUser, self).__init__("root", password=password,
                                                *args, **kwargs)

 def _create_admin_user(self, context, databases=None):
     """Create an administrative user for Trove.
     Force password encryption.
     """
     password = utils.generate_random_password()
     os_admin = models.PostgreSQLUser(self.ADMIN_USER, password)
     if databases:
         os_admin.databases.extend([db.serialize() for db in databases])
     self._create_user(context, os_admin, True, *self.ADMIN_OPTIONS)

 def enable_root(self, password=None):
     """Create a user 'root' with role 'root'."""
     if not password:
         LOG.debug('Generating root user password.')
         password = utils.generate_random_password()
     root_user = models.MongoDBUser(name='admin.root', password=password)
     root_user.roles = {'db': 'admin', 'role': 'root'}
     self.create_validated_user(root_user)
     return root_user.serialize()