OpenStack DBaaS (Trove)

  1. Bug #1257021
  2. Comment #1

Comment 1 for bug 1257021

Revision history for this message
Dan Nguyen (daniel-a-nguyen) wrote : Re: MySQL user privileges are too open by default

trove/guestagent/datastore/mysql/service.py

def create_user(self, users):
        """Create users and grant them privileges for the
           specified databases"""
        with LocalSqlClient(get_engine()) as client:
            for item in users:
                user = models.MySQLUser()
                user.deserialize(item)
                # TODO(cp16net):Should users be allowed to create users
                # 'os_admin' or 'debian-sys-maint'
                g = sql_query.Grant(user=user.name, host=user.host,
                                    clear=user.password)
                t = text(str(g))
                client.execute(t)
                for database in user.databases:
                    mydb = models.ValidatedMySQLDatabase()
                    mydb.deserialize(database)
                    g = sql_query.Grant(permissions='ALL', database=mydb.name,
                                        user=user.name, host=user.host,
                                        clear=user.password)
                    t = text(str(g))
                    client.execute(t)