Blocky do not create read only user to reduce password exposure

core/blocky/blocky.nomad

@@ -130,20 +130,19 @@ password={{ .mysql_root_password }}
 
       template {
         data = <<EOF
-{{ with nomadVar "nomad/jobs/blocky" -}}
-{{ if .db_name -}}
+{{ with nomadVar "nomad/jobs/blocky" }}{{ if .db_name -}}
 {{ $db_name := .db_name }}
 CREATE DATABASE IF NOT EXISTS `{{ $db_name }}`;
 CREATE USER IF NOT EXISTS '{{ .db_user }}'@'%' IDENTIFIED BY '{{ .db_pass }}';
 GRANT ALL ON `{{ $db_name }}`.* to '{{ .db_user }}'@'%';
-{{ with nomadVar "nomad/jobs" -}}
--- Add grafana read_only user
-CREATE USER IF NOT EXISTS '{{ .db_user_ro }}'@'%' IDENTIFIED BY '{{ .db_pass_ro }}';
+
+{{ with nomadService "grafana" }}{{ with nomadVar "nomad/jobs" -}}
+-- Grant grafana read_only user access to db
 GRANT SELECT ON `{{ $db_name }}`.* to '{{ .db_user_ro }}'@'%';
-{{ end -}}
+{{ end }}{{ end -}}
+
 {{ else -}}
 SELECT 'NOOP';
-{{ end -}}
 {{ end -}}{{ end -}}
         EOF
         destination = "$${NOMAD_SECRETS_DIR}/bootstrap.sql"