def secret_data(self):
with open('/database-server-config/sql-config.json', 'r') as f:
server_config = SQLConfig.from_json(f.read())
with open('/database-server-config/server-ca.pem', 'r') as f:
server_ca = f.read()
with open('/database-server-config/client-cert.pem', 'r') as f:
client_cert = f.read()
with open('/database-server-config/client-key.pem', 'r') as f:
client_key = f.read()
if is_test_deployment:
return create_secret_data_from_config(server_config, server_ca, client_cert, client_key)
assert self.name is not None
assert self.password is not None
config = SQLConfig(
host=server_config.host,
port=server_config.port,
user=self.name,
password=self.password,
instance=server_config.instance,
db=self.name,
ssl_ca='/sql-config/server-ca.pem',
ssl_cert='/sql-config/client-cert.pem',
ssl_key='/sql-config/client-key.pem',
ssl_mode='VERIFY_CA',
)
return create_secret_data_from_config(config, server_ca, client_cert, client_key)
def secret_data(self):
with open('/database-server-config/sql-config.json',
'r',
encoding='utf-8') as f:
server_config = SQLConfig.from_json(f.read())
with open('/database-server-config/server-ca.pem',
'r',
encoding='utf-8') as f:
server_ca = f.read()
client_cert: Optional[str]
client_key: Optional[str]
if server_config.using_mtls():
with open('/database-server-config/client-cert.pem',
'r',
encoding='utf-8') as f:
client_cert = f.read()
with open('/database-server-config/client-key.pem',
'r',
encoding='utf-8') as f:
client_key = f.read()
else:
client_cert = None
client_key = None
if is_test_deployment:
return create_secret_data_from_config(server_config, server_ca,
client_cert, client_key)
assert self.name is not None
assert self.password is not None
config = SQLConfig(
host=server_config.host,
port=server_config.port,
user=self.name,
password=self.password,
instance=server_config.instance,
connection_name=server_config.connection_name,
db=self.name,
ssl_ca='/sql-config/server-ca.pem',
ssl_cert='/sql-config/client-cert.pem'
if client_cert is not None else None,
ssl_key='/sql-config/client-key.pem'
if client_key is not None else None,
ssl_mode='VERIFY_CA',
)
return create_secret_data_from_config(config, server_ca, client_cert,
client_key)
async def create_database():
with open('/sql-config/sql-config.json', 'r') as f:
sql_config = SQLConfig.from_json(f.read())
namespace = create_database_config['namespace']
database_name = create_database_config['database_name']
cant_create_database = create_database_config['cant_create_database']
if cant_create_database:
assert sql_config.db is not None
await write_user_config(namespace, database_name, 'admin', sql_config)
await write_user_config(namespace, database_name, 'user', sql_config)
return
scope = create_database_config['scope']
_name = create_database_config['_name']
admin_username = create_database_config['admin_username']
user_username = create_database_config['user_username']
db = Database()
await db.async_init()
if scope == 'deploy':
assert _name == database_name
# create if not exists
rows = db.execute_and_fetchall(
f"SHOW DATABASES LIKE '{database_name}';")
rows = [row async for row in rows]
if len(rows) > 0:
assert len(rows) == 1
return
with open(create_database_config['admin_password_file']) as f:
admin_password = f.read()
with open(create_database_config['user_password_file']) as f:
user_password = f.read()
await db.just_execute(f'''
CREATE DATABASE IF NOT EXISTS `{_name}`;
CREATE USER IF NOT EXISTS '{admin_username}'@'%' IDENTIFIED BY '{admin_password}';
GRANT ALL ON `{_name}`.* TO '{admin_username}'@'%';
CREATE USER IF NOT EXISTS '{user_username}'@'%' IDENTIFIED BY '{user_password}';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `{_name}`.* TO '{user_username}'@'%';
''')
await write_user_config(
namespace,
database_name,
'admin',
SQLConfig(
host=sql_config.host,
port=sql_config.port,
instance=sql_config.instance,
connection_name=sql_config.instance,
user=admin_username,
password=admin_password,
db=_name,
ssl_ca=sql_config.ssl_ca,
ssl_cert=sql_config.ssl_cert,
ssl_key=sql_config.ssl_key,
ssl_mode=sql_config.ssl_mode,
),
)
await write_user_config(
namespace,
database_name,
'user',
SQLConfig(
host=sql_config.host,
port=sql_config.port,
instance=sql_config.instance,
connection_name=sql_config.instance,
user=user_username,
password=user_password,
db=_name,
ssl_ca=sql_config.ssl_ca,
ssl_cert=sql_config.ssl_cert,
ssl_key=sql_config.ssl_key,
ssl_mode=sql_config.ssl_mode,
),
)