skadereg: Add a read-only user

2ec8a065 · Alexander Olofsson · 1dc52e29 · 2ec8a065
Commit 2ec8a065 authored 7 years ago by Alexander Olofsson
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -10,6 +10,12 @@
 # [*mysql_backup_password*]
 #   The password for the user used for MySQL backups
 #
+# [*skadereg_ro_password*]
+#   The password used for the read-only user
+#
+# [*skadereg_ro_user*]
+#   The username used for the read-only user
+#
 # Authors
 # -------
 #
@@ -24,6 +30,8 @@
 class skadereg(
  String $mysql_password,
  String $mysql_backup_password,
+  String $skadereg_ro_password,
+  String $skadereg_ro_user = 'skadereg_ro',
 ){
  ::users::liu_user {
    'andal699':
@@ -147,14 +155,22 @@ class skadereg(
    subscribe   => Vcsrepo['/var/www/skadereg'],
  }
+  $db_name = 'homestead'
  class { '::mysql::server':
    root_password    => $mysql_password,
    databases        => {
-      'homestead' => {
+      $db_name => {
        ensure  => present,
        charset => 'utf8',
      },
    },
+    users            => {
+      "${skadereg_ro_user}@%" => {
+        ensure        => present,
+        password_hash => mysql_password($skadereg_ro_password),
+      },
+    },
    grants           => {
      'root@%/*.*' => {
        ensure     => present,
@@ -172,6 +188,15 @@ class skadereg(
    },
  }
+  ['entries', 'guardian_confirmations', 'users'].each |String $table| {
+    mysql_grant { "${skadereg_ro_user}@%/${db_name}.${table}":
+      ensure     => present,
+      privileges => ['SELECT'],
+      table      => "${db_name}.${table}",
+      user       => "${skadereg_ro_user}@%",
+    }
+  }
  class { '::mysql::server::backup':
    backupuser     => 'backupuser',
    backuppassword => $mysql_backup_password,