
Commit 787822f

committed
Remove sed command for users
We never access via localhost, which means we were always doing this sed command. Might as well apply it once and store it in the file.
1 parent 19201d7 commit 787822f

3 files changed

Lines changed: 70 additions & 71 deletions


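--- a/sa/db-users/boulder_sa.sql
+++ b/sa/db-users/boulder_sa.sql
@@ -2,84 +2,84 @@
 -- component with the appropriate permissions.
 
 -- These lines require MariaDB 10.1+
-CREATE USER IF NOT EXISTS 'policy'@'localhost';
-CREATE USER IF NOT EXISTS 'sa'@'localhost';
-CREATE USER IF NOT EXISTS 'sa_ro'@'localhost';
-CREATE USER IF NOT EXISTS 'revoker'@'localhost';
-CREATE USER IF NOT EXISTS 'importer'@'localhost';
-CREATE USER IF NOT EXISTS 'mailer'@'localhost';
-CREATE USER IF NOT EXISTS 'cert_checker'@'localhost';
-CREATE USER IF NOT EXISTS 'test_setup'@'localhost';
-CREATE USER IF NOT EXISTS 'badkeyrevoker'@'localhost';
-CREATE USER IF NOT EXISTS 'proxysql'@'localhost';
+CREATE USER IF NOT EXISTS 'policy'@'%';
+CREATE USER IF NOT EXISTS 'sa'@'%';
+CREATE USER IF NOT EXISTS 'sa_ro'@'%';
+CREATE USER IF NOT EXISTS 'revoker'@'%';
+CREATE USER IF NOT EXISTS 'importer'@'%';
+CREATE USER IF NOT EXISTS 'mailer'@'%';
+CREATE USER IF NOT EXISTS 'cert_checker'@'%';
+CREATE USER IF NOT EXISTS 'test_setup'@'%';
+CREATE USER IF NOT EXISTS 'badkeyrevoker'@'%';
+CREATE USER IF NOT EXISTS 'proxysql'@'%';
 
 -- Storage Authority
-GRANT SELECT,INSERT ON certificates TO 'sa'@'localhost';
-GRANT SELECT,INSERT,UPDATE ON certificateStatus TO 'sa'@'localhost';
-GRANT SELECT,INSERT ON issuedNames TO 'sa'@'localhost';
-GRANT SELECT,INSERT,UPDATE ON registrations TO 'sa'@'localhost';
-GRANT SELECT,INSERT on fqdnSets TO 'sa'@'localhost';
-GRANT SELECT,INSERT,UPDATE ON orders TO 'sa'@'localhost';
-GRANT SELECT,INSERT,DELETE ON orderFqdnSets TO 'sa'@'localhost';
-GRANT SELECT,INSERT,UPDATE ON authz2 TO 'sa'@'localhost';
-GRANT INSERT,SELECT ON serials TO 'sa'@'localhost';
-GRANT SELECT,INSERT ON precertificates TO 'sa'@'localhost';
-GRANT SELECT,INSERT ON keyHashToSerial TO 'sa'@'localhost';
-GRANT SELECT,INSERT ON blockedKeys TO 'sa'@'localhost';
-GRANT SELECT ON incidents TO 'sa'@'localhost';
-GRANT SELECT,INSERT,UPDATE ON crlShards TO 'sa'@'localhost';
-GRANT SELECT,INSERT,UPDATE ON revokedCertificates TO 'sa'@'localhost';
-GRANT SELECT,INSERT,UPDATE ON replacementOrders TO 'sa'@'localhost';
-GRANT SELECT,INSERT,UPDATE ON overrides TO 'sa'@'localhost';
+GRANT SELECT,INSERT ON certificates TO 'sa'@'%';
+GRANT SELECT,INSERT,UPDATE ON certificateStatus TO 'sa'@'%';
+GRANT SELECT,INSERT ON issuedNames TO 'sa'@'%';
+GRANT SELECT,INSERT,UPDATE ON registrations TO 'sa'@'%';
+GRANT SELECT,INSERT on fqdnSets TO 'sa'@'%';
+GRANT SELECT,INSERT,UPDATE ON orders TO 'sa'@'%';
+GRANT SELECT,INSERT,DELETE ON orderFqdnSets TO 'sa'@'%';
+GRANT SELECT,INSERT,UPDATE ON authz2 TO 'sa'@'%';
+GRANT INSERT,SELECT ON serials TO 'sa'@'%';
+GRANT SELECT,INSERT ON precertificates TO 'sa'@'%';
+GRANT SELECT,INSERT ON keyHashToSerial TO 'sa'@'%';
+GRANT SELECT,INSERT ON blockedKeys TO 'sa'@'%';
+GRANT SELECT ON incidents TO 'sa'@'%';
+GRANT SELECT,INSERT,UPDATE ON crlShards TO 'sa'@'%';
+GRANT SELECT,INSERT,UPDATE ON revokedCertificates TO 'sa'@'%';
+GRANT SELECT,INSERT,UPDATE ON replacementOrders TO 'sa'@'%';
+GRANT SELECT,INSERT,UPDATE ON overrides TO 'sa'@'%';
 -- Tests need to be able to remove rows from this table, so DELETE,DROP is necessary.
-GRANT SELECT,INSERT,UPDATE,DELETE,DROP ON paused TO 'sa'@'localhost';
+GRANT SELECT,INSERT,UPDATE,DELETE,DROP ON paused TO 'sa'@'%';
 
-GRANT SELECT ON certificates TO 'sa_ro'@'localhost';
-GRANT SELECT ON certificateStatus TO 'sa_ro'@'localhost';
-GRANT SELECT ON issuedNames TO 'sa_ro'@'localhost';
-GRANT SELECT ON registrations TO 'sa_ro'@'localhost';
-GRANT SELECT on fqdnSets TO 'sa_ro'@'localhost';
-GRANT SELECT ON orders TO 'sa_ro'@'localhost';
-GRANT SELECT ON orderFqdnSets TO 'sa_ro'@'localhost';
-GRANT SELECT ON authz2 TO 'sa_ro'@'localhost';
-GRANT SELECT ON serials TO 'sa_ro'@'localhost';
-GRANT SELECT ON precertificates TO 'sa_ro'@'localhost';
-GRANT SELECT ON keyHashToSerial TO 'sa_ro'@'localhost';
-GRANT SELECT ON blockedKeys TO 'sa_ro'@'localhost';
-GRANT SELECT ON incidents TO 'sa_ro'@'localhost';
-GRANT SELECT ON crlShards TO 'sa_ro'@'localhost';
-GRANT SELECT ON revokedCertificates TO 'sa_ro'@'localhost';
-GRANT SELECT ON replacementOrders TO 'sa_ro'@'localhost';
-GRANT SELECT ON paused TO 'sa_ro'@'localhost';
-GRANT SELECT ON overrides TO 'sa_ro'@'localhost';
+GRANT SELECT ON certificates TO 'sa_ro'@'%';
+GRANT SELECT ON certificateStatus TO 'sa_ro'@'%';
+GRANT SELECT ON issuedNames TO 'sa_ro'@'%';
+GRANT SELECT ON registrations TO 'sa_ro'@'%';
+GRANT SELECT on fqdnSets TO 'sa_ro'@'%';
+GRANT SELECT ON orders TO 'sa_ro'@'%';
+GRANT SELECT ON orderFqdnSets TO 'sa_ro'@'%';
+GRANT SELECT ON authz2 TO 'sa_ro'@'%';
+GRANT SELECT ON serials TO 'sa_ro'@'%';
+GRANT SELECT ON precertificates TO 'sa_ro'@'%';
+GRANT SELECT ON keyHashToSerial TO 'sa_ro'@'%';
+GRANT SELECT ON blockedKeys TO 'sa_ro'@'%';
+GRANT SELECT ON incidents TO 'sa_ro'@'%';
+GRANT SELECT ON crlShards TO 'sa_ro'@'%';
+GRANT SELECT ON revokedCertificates TO 'sa_ro'@'%';
+GRANT SELECT ON replacementOrders TO 'sa_ro'@'%';
+GRANT SELECT ON paused TO 'sa_ro'@'%';
+GRANT SELECT ON overrides TO 'sa_ro'@'%';
 
 -- Revoker Tool
-GRANT SELECT,UPDATE ON registrations TO 'revoker'@'localhost';
-GRANT SELECT ON certificates TO 'revoker'@'localhost';
-GRANT SELECT ON precertificates TO 'revoker'@'localhost';
-GRANT SELECT ON keyHashToSerial TO 'revoker'@'localhost';
-GRANT SELECT,UPDATE ON blockedKeys TO 'revoker'@'localhost';
+GRANT SELECT,UPDATE ON registrations TO 'revoker'@'%';
+GRANT SELECT ON certificates TO 'revoker'@'%';
+GRANT SELECT ON precertificates TO 'revoker'@'%';
+GRANT SELECT ON keyHashToSerial TO 'revoker'@'%';
+GRANT SELECT,UPDATE ON blockedKeys TO 'revoker'@'%';
 
 -- Expiration mailer
-GRANT SELECT ON certificates TO 'mailer'@'localhost';
-GRANT SELECT ON registrations TO 'mailer'@'localhost';
-GRANT SELECT,UPDATE ON certificateStatus TO 'mailer'@'localhost';
-GRANT SELECT ON fqdnSets TO 'mailer'@'localhost';
+GRANT SELECT ON certificates TO 'mailer'@'%';
+GRANT SELECT ON registrations TO 'mailer'@'%';
+GRANT SELECT,UPDATE ON certificateStatus TO 'mailer'@'%';
+GRANT SELECT ON fqdnSets TO 'mailer'@'%';
 
 -- Cert checker
-GRANT SELECT ON certificates TO 'cert_checker'@'localhost';
-GRANT SELECT ON authz2 TO 'cert_checker'@'localhost';
-GRANT SELECT ON precertificates TO 'cert_checker'@'localhost';
+GRANT SELECT ON certificates TO 'cert_checker'@'%';
+GRANT SELECT ON authz2 TO 'cert_checker'@'%';
+GRANT SELECT ON precertificates TO 'cert_checker'@'%';
 
 -- Bad Key Revoker
-GRANT SELECT,UPDATE ON blockedKeys TO 'badkeyrevoker'@'localhost';
-GRANT SELECT ON keyHashToSerial TO 'badkeyrevoker'@'localhost';
-GRANT SELECT ON certificateStatus TO 'badkeyrevoker'@'localhost';
-GRANT SELECT ON precertificates TO 'badkeyrevoker'@'localhost';
-GRANT SELECT ON registrations TO 'badkeyrevoker'@'localhost';
+GRANT SELECT,UPDATE ON blockedKeys TO 'badkeyrevoker'@'%';
+GRANT SELECT ON keyHashToSerial TO 'badkeyrevoker'@'%';
+GRANT SELECT ON certificateStatus TO 'badkeyrevoker'@'%';
+GRANT SELECT ON precertificates TO 'badkeyrevoker'@'%';
+GRANT SELECT ON registrations TO 'badkeyrevoker'@'%';
 
 -- ProxySQL --
-GRANT ALL PRIVILEGES ON monitor TO 'proxysql'@'localhost';
+GRANT ALL PRIVILEGES ON monitor TO 'proxysql'@'%';
 
 -- Test setup and teardown
-GRANT ALL PRIVILEGES ON * to 'test_setup'@'localhost';
+GRANT ALL PRIVILEGES ON * to 'test_setup'@'%';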
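Review bot: The accounts on new lines 5–14 are now stored with host `'%'` and, as far as the hunk shows, no `IDENTIFIED` clause, so the checked-in file itself describes passwordless users reachable from any host, including `'test_setup'@'%'` with `ALL PRIVILEGES ON *` on new line 85. Before this commit the wildcard existed only after `test/create_db.sh` rewrote the file for the test database; now anyone applying the files under `sa/db-users/` directly gets it. I would add a header comment such as `-- Test/dev only: users are created with host '%' and no password; restrict the host and set credentials before applying elsewhere.` The same applies to `sa/db-users/incidents_sa.sql` (new lines 5–6 and 12). Line 1 of each file is outside the hunk, so an existing header may already say this.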

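--- a/sa/db-users/incidents_sa.sql
+++ b/sa/db-users/incidents_sa.sql
@@ -2,11 +2,11 @@
 -- component with the appropriate permissions.
 
 -- These lines require MariaDB 10.1+
-CREATE USER IF NOT EXISTS 'incidents_sa'@'localhost';
-CREATE USER IF NOT EXISTS 'test_setup'@'localhost';
+CREATE USER IF NOT EXISTS 'incidents_sa'@'%';
+CREATE USER IF NOT EXISTS 'test_setup'@'%';
 
 -- Storage Authority
-GRANT SELECT ON * TO 'incidents_sa'@'localhost';
+GRANT SELECT ON * TO 'incidents_sa'@'%';
 
 -- Test setup and teardown
-GRANT ALL PRIVILEGES ON * to 'test_setup'@'localhost';
+GRANT ALL PRIVILEGES ON * to 'test_setup'@'%';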

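--- a/test/create_db.sh
+++ b/test/create_db.sh
@@ -97,8 +97,7 @@ for db in $DBS; do
 then
 echo "Skipping user grants for ${dbname}"
 else
-sed -e "s/'localhost'/'%'/g" < "${USERS_SQL}" | \
-mysql ${dbconn} -D "${dbname}" -f || exit_err "Unable to add users from ${USERS_SQL}"
+mysql ${dbconn} -D "${dbname}" -f < "${USERS_SQL}"
 echo "Added users from ${USERS_SQL}"
 fi
 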
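Review bot: The replacement `mysql` call on new line 100 drops the `|| exit_err "Unable to add users from ${USERS_SQL}"` guard that the removed pipeline carried, so a failed connection or import now falls through to `echo "Added users from ${USERS_SQL}"` and the script reports grants that may never have been applied. Whether `set -e` is in effect is not visible in this hunk, so I would keep the explicit check: `mysql ${dbconn} -D "${dbname}" -f < "${USERS_SQL}" || exit_err "Unable to add users from ${USERS_SQL}"`. A test database that silently lacks its per-component grants can hide permission regressions in the SQL files this commit touches. The enclosing `for db in $DBS` loop and the `if` start and end outside the hunk.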
