Blocky do not create read only user to reduce password exposure

This commit is contained in:
IamTheFij 2023-03-24 09:56:56 -07:00
parent 00697ebb02
commit 5fb0e0841e

View File

@ -130,20 +130,19 @@ password={{ .mysql_root_password }}
template {
data = <<EOF
{{ with nomadVar "nomad/jobs/blocky" -}}
{{ if .db_name -}}
{{ with nomadVar "nomad/jobs/blocky" }}{{ if .db_name -}}
{{ $db_name := .db_name }}
CREATE DATABASE IF NOT EXISTS `{{ $db_name }}`;
CREATE USER IF NOT EXISTS '{{ .db_user }}'@'%' IDENTIFIED BY '{{ .db_pass }}';
GRANT ALL ON `{{ $db_name }}`.* to '{{ .db_user }}'@'%';
{{ with nomadVar "nomad/jobs" -}}
-- Add grafana read_only user
CREATE USER IF NOT EXISTS '{{ .db_user_ro }}'@'%' IDENTIFIED BY '{{ .db_pass_ro }}';
{{ with nomadService "grafana" }}{{ with nomadVar "nomad/jobs" -}}
-- Grant grafana read_only user access to db
GRANT SELECT ON `{{ $db_name }}`.* to '{{ .db_user_ro }}'@'%';
{{ end -}}
{{ end }}{{ end -}}
{{ else -}}
SELECT 'NOOP';
{{ end -}}
{{ end -}}{{ end -}}
EOF
destination = "$${NOMAD_SECRETS_DIR}/bootstrap.sql"