################################################################################
# generate random credentials
# Random 14-character, lowercase-only suffix for the read-write account name.
# local.db_rw_user puts it behind the "urw" prefix. The account name is an
# identifier rather than a secret, so a non-sensitive random_string is fine.
resource "random_string" "rw_user" {
  length  = 14
  lower   = true
  upper   = false
  number  = false
  special = false
}
# Random 128-character alphanumeric password for the read-write account.
# NOTE(review): random_string does not mark its result as sensitive, so the
# generated value is shown in plan/apply output as well as stored in state.
# The random provider's random_password resource accepts the same arguments
# and marks the result sensitive. Switching changes the resource address and
# regenerates the value, so treat the change as a credential rotation.
resource "random_string" "rw_pass" {
  length  = 128
  lower   = true
  upper   = true
  number  = true
  special = false
}
# Random 14-character, lowercase-only suffix for the read-only account name.
# local.db_ro_user puts it behind the "uro" prefix. The account name is an
# identifier rather than a secret, so a non-sensitive random_string is fine.
resource "random_string" "ro_user" {
  length  = 14
  lower   = true
  upper   = false
  number  = false
  special = false
}
# Random 128-character alphanumeric password for the read-only account.
# NOTE(review): random_string does not mark its result as sensitive, so the
# generated value is shown in plan/apply output as well as stored in state.
# The random provider's random_password resource accepts the same arguments
# and marks the result sensitive. Switching changes the resource address and
# regenerates the value, so treat the change as a credential rotation.
resource "random_string" "ro_pass" {
  length  = 128
  lower   = true
  upper   = true
  number  = true
  special = false
}
# Names and credentials shared by the mysql_* resources in this file.
locals {
  # Account names: a fixed prefix plus the random suffix (3 + 14 = 17 chars).
  # NOTE(review): older MySQL releases cap user names at 16 characters;
  # confirm the target server accepts 17.
  db_rw_user = "urw${random_string.rw_user.result}"
  db_ro_user = "uro${random_string.ro_user.result}"

  # Passwords are the raw random_string results, passed through unchanged.
  db_rw_pass = random_string.rw_pass.result
  db_ro_pass = random_string.ro_pass.result

  # NOTE(review): "%" lets both accounts authenticate from any client host.
  # Network controls in front of the server are then the only source
  # restriction; narrow this to the application's subnet or host pattern
  # where the deployment allows it.
  db_user_host = "%"

  # Database name supplied by the caller.
  db_name = var.database_name
}
################################################################################
# The ro+rw roles that users inherit from
#locals {
# db_rw_role = "${local.db_name}_rw_role"
# db_ro_role = "${local.db_name}_ro_role"
#}
#
#resource "mysql_role" "rw" {
# name = local.db_rw_role
#}
#
#resource "mysql_role" "ro" {
# name = local.db_ro_role
#}
# Read-write MySQL account, created with the generated name and password and
# allowed to connect from local.db_user_host.
# NOTE(review): plaintext_password is persisted in the Terraform state, so the
# state backend needs encryption at rest and access limited to operators who
# are allowed to hold this credential.
resource "mysql_user" "rw" {
  host               = local.db_user_host
  user               = local.db_rw_user
  plaintext_password = local.db_rw_pass
}
# Read-only MySQL account, created with the generated name and password and
# allowed to connect from local.db_user_host.
# NOTE(review): plaintext_password is persisted in the Terraform state, so the
# state backend needs encryption at rest and access limited to operators who
# are allowed to hold this credential.
resource "mysql_user" "ro" {
  host               = local.db_user_host
  user               = local.db_ro_user
  plaintext_password = local.db_ro_pass
}
################################################################################
# The database that the rw and ro grants in this file are scoped to. Its name
# is var.database_name, taken via local.db_name.
resource "mysql_database" "db" {
  name = local.db_name
}
################################################################################
# Gives the read-write account var.rw_privileges on the database created by
# mysql_database.db. No table is named, so the grant is database-wide.
# user/host are read from mysql_user.rw so the grant is ordered after the
# account exists.
# NOTE(review): the privilege list is caller-supplied and its default is not
# visible here; check that it is limited to what the application needs and
# does not carry administrative privileges.
resource "mysql_grant" "rw" {
  database   = mysql_database.db.name
  user       = mysql_user.rw.user
  host       = mysql_user.rw.host
  privileges = var.rw_privileges
}
# Gives the read-only account var.ro_privileges on the database created by
# mysql_database.db. No table is named, so the grant is database-wide.
# user/host are read from mysql_user.ro so the grant is ordered after the
# account exists.
# NOTE(review): nothing in this file enforces that the list is read-only;
# confirm the variable's default and any overrides contain no write or
# schema-changing privileges.
resource "mysql_grant" "ro" {
  database   = mysql_database.db.name
  user       = mysql_user.ro.user
  host       = mysql_user.ro.host
  privileges = var.ro_privileges
}