Blocky do not create read only user to reduce password exposure

IamTheFij 2023-03-24 09:56:56 -07:00
parent 00697ebb02
commit 5fb0e0841e


@ -130,20 +130,19 @@ password={{ .mysql_root_password }}
template { template {
data = <<EOF data = <<EOF
{{ with nomadVar "nomad/jobs/blocky" -}} {{ with nomadVar "nomad/jobs/blocky" }}{{ if .db_name -}}
{{ if .db_name -}}
{{ $db_name := .db_name }} {{ $db_name := .db_name }}
CREATE DATABASE IF NOT EXISTS `{{ $db_name }}`; CREATE DATABASE IF NOT EXISTS `{{ $db_name }}`;
CREATE USER IF NOT EXISTS '{{ .db_user }}'@'%' IDENTIFIED BY '{{ .db_pass }}'; CREATE USER IF NOT EXISTS '{{ .db_user }}'@'%' IDENTIFIED BY '{{ .db_pass }}';
GRANT ALL ON `{{ $db_name }}`.* to '{{ .db_user }}'@'%'; GRANT ALL ON `{{ $db_name }}`.* to '{{ .db_user }}'@'%';
{{ with nomadVar "nomad/jobs" -}}
-- Add grafana read_only user {{ with nomadService "grafana" }}{{ with nomadVar "nomad/jobs" -}}
CREATE USER IF NOT EXISTS '{{ .db_user_ro }}'@'%' IDENTIFIED BY '{{ .db_pass_ro }}'; -- Grant grafana read_only user access to db
GRANT SELECT ON `{{ $db_name }}`.* to '{{ .db_user_ro }}'@'%'; GRANT SELECT ON `{{ $db_name }}`.* to '{{ .db_user_ro }}'@'%';
{{ end -}} {{ end }}{{ end -}}
{{ else -}} {{ else -}}
SELECT 'NOOP'; SELECT 'NOOP';
{{ end -}}
{{ end -}}{{ end -}} {{ end -}}{{ end -}}
EOF EOF
destination = "$${NOMAD_SECRETS_DIR}/bootstrap.sql" destination = "$${NOMAD_SECRETS_DIR}/bootstrap.sql"
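Review bot: The `GRANT SELECT ON ... to '{{ .db_user_ro }}'@'%'` line now runs with no `CREATE USER` before it, so it only works if the read-only account already exists when this bootstrap executes. On MySQL 8.0, and on 5.7 with the default `NO_AUTO_CREATE_USER` mode, GRANT does not create a missing account and the statement fails. The `nomadService "grafana"` guard shows that a grafana service is registered, not that the account has been created, so a first deploy can presumably hit this ordering gap. I would add a comment above the grant, for example `-- db_user_ro is created by the grafana bootstrap; this grant fails until that has run`, and confirm that whatever executes bootstrap.sql reports the failure rather than leaving grafana without access silently. The template block starts and ends outside this hunk, so how the file is executed is not visible here.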