Blocky do not create read only user to reduce password exposure
This commit is contained in:
parent
00697ebb02
commit
5fb0e0841e
@ -130,20 +130,19 @@ password={{ .mysql_root_password }}
|
|||||||
|
|
||||||
template {
|
template {
|
||||||
data = <<EOF
|
data = <<EOF
|
||||||
{{ with nomadVar "nomad/jobs/blocky" -}}
|
{{ with nomadVar "nomad/jobs/blocky" }}{{ if .db_name -}}
|
||||||
{{ if .db_name -}}
|
|
||||||
{{ $db_name := .db_name }}
|
{{ $db_name := .db_name }}
|
||||||
CREATE DATABASE IF NOT EXISTS `{{ $db_name }}`;
|
CREATE DATABASE IF NOT EXISTS `{{ $db_name }}`;
|
||||||
CREATE USER IF NOT EXISTS '{{ .db_user }}'@'%' IDENTIFIED BY '{{ .db_pass }}';
|
CREATE USER IF NOT EXISTS '{{ .db_user }}'@'%' IDENTIFIED BY '{{ .db_pass }}';
|
||||||
GRANT ALL ON `{{ $db_name }}`.* to '{{ .db_user }}'@'%';
|
GRANT ALL ON `{{ $db_name }}`.* to '{{ .db_user }}'@'%';
|
||||||
{{ with nomadVar "nomad/jobs" -}}
|
|
||||||
-- Add grafana read_only user
|
{{ with nomadService "grafana" }}{{ with nomadVar "nomad/jobs" -}}
|
||||||
CREATE USER IF NOT EXISTS '{{ .db_user_ro }}'@'%' IDENTIFIED BY '{{ .db_pass_ro }}';
|
-- Grant grafana read_only user access to db
|
||||||
GRANT SELECT ON `{{ $db_name }}`.* to '{{ .db_user_ro }}'@'%';
|
GRANT SELECT ON `{{ $db_name }}`.* to '{{ .db_user_ro }}'@'%';
|
||||||
{{ end -}}
|
{{ end }}{{ end -}}
|
||||||
|
|
||||||
{{ else -}}
|
{{ else -}}
|
||||||
SELECT 'NOOP';
|
SELECT 'NOOP';
|
||||||
{{ end -}}
|
|
||||||
{{ end -}}{{ end -}}
|
{{ end -}}{{ end -}}
|
||||||
EOF
|
EOF
|
||||||
destination = "$${NOMAD_SECRETS_DIR}/bootstrap.sql"
|
destination = "$${NOMAD_SECRETS_DIR}/bootstrap.sql"
|
||||||
|
Loading…
Reference in New Issue
Block a user