echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `camundabpmn`;
-CREATE DATABASE `camundabpmn`;
-DROP USER IF EXISTS 'camundauser';
-CREATE USER 'camundauser';
-GRANT ALL on camundabpmn.* to 'camundauser' identified by 'camunda123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS camundabpmn;
+CREATE DATABASE camundabpmn;
+DROP USER IF EXISTS '${CAMUNDA_DB_USER}';
+CREATE USER '${CAMUNDA_DB_USER}';
+GRANT ALL on camundabpmn.* to '${CAMUNDA_DB_USER}' identified by '${CAMUNDA_DB_PASSWORD}' with GRANT OPTION;
FLUSH PRIVILEGES;
EOF
echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `requestdb`;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ `requestdb` /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS 'requestuser';
-CREATE USER 'requestuser';
-GRANT ALL on requestdb.* to 'requestuser' identified by 'request123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS requestdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ requestdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${REQUEST_DB_USER}';
+CREATE USER '${REQUEST_DB_USER}';
+GRANT ALL on requestdb.* to '${REQUEST_DB_USER}' identified by '${REQUEST_DB_PASSWORD}' with GRANT OPTION;
FLUSH PRIVILEGES;
EOF
echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `catalogdb`;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ `catalogdb` /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS 'cataloguser';
-CREATE USER 'cataloguser';
-GRANT ALL on catalogdb.* to 'cataloguser' identified by 'catalog123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS catalogdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ catalogdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${CATALOG_DB_USER}';
+CREATE USER '${CATALOG_DB_USER}';
+GRANT ALL on catalogdb.* to '${CATALOG_DB_USER}' identified by '${CATALOG_DB_PASSWORD}' with GRANT OPTION;
FLUSH PRIVILEGES;
EOF
echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP USER IF EXISTS 'so_user';
-CREATE USER 'so_user';
-GRANT USAGE ON *.* TO 'so_user'@'%' IDENTIFIED BY 'so_User123';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `requestdb`.* TO 'so_user'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `catalogdb`.* TO 'so_user'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `camundabpmn`.* TO 'so_user'@'%';
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_USER}';
+CREATE USER '${DB_USER}';
+GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
FLUSH PRIVILEGES;
EOF
echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP USER IF EXISTS 'so_admin';
-CREATE USER 'so_admin';
-GRANT USAGE ON *.* TO 'so_admin'@'%' IDENTIFIED BY 'so_Admin123';
-GRANT ALL PRIVILEGES ON `camundabpmn`.* TO 'so_admin'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON `requestdb`.* TO 'so_admin'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON `catalogdb`.* TO 'so_admin'@'%' WITH GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_ADMIN}';
+CREATE USER '${DB_ADMIN}';
+GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}';
+GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
key: mariadb.readwrite.port
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: CAMUNDA_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "login") | indent 10 }}
+ - name: CAMUNDA_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "password") | indent 10 }}
+ - name: REQUEST_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "login") | indent 10 }}
+ - name: REQUEST_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "password") | indent 10 }}
+ - name: CATALOG_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
+ - name: CATALOG_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
helm.sh/hook: pre-upgrade,pre-install
helm.sh/hook-weight: "0"
helm.sh/hook-delete-policy: before-hook-creation
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ - uid: camunda-db-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.camunda.dbCredsExternalSecret }}'
+ login: '{{ .Values.db.camunda.userName }}'
+ password: '{{ .Values.db.camunda.password }}'
+ - uid: request-db-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.request.dbCredsExternalSecret }}'
+ login: '{{ .Values.db.request.userName }}'
+ password: '{{ .Values.db.request.password }}'
+ - uid: catalog-db-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.catalog.dbCredsExternalSecret }}'
+ login: '{{ .Values.db.catalog.userName }}'
+ password: '{{ .Values.db.catalog.password }}'
+
+
#################################################################
# Application configuration defaults.
backupPassword: secretpassword
backupUser: root
# backupCredsExternalSecret: some secret
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+ camunda:
+ userName: camundauser
+ password: camunda123
+ # dbCredsExternalSecret: some secret
+ request:
+ userName: requestuser
+ password: request123
+ # dbCredsExternalSecret: some secret
+ catalog:
+ userName: cataloguser
+ password: catalog123
+ # dbCredsExternalSecret: some secret
+
# application configuration
config:
# gerrit branch where the latest heat code is checked in