all: Require SSL connection to database if MariaDB SSL is configured

With this settings, non-SSL access is forbidden for the affected users.
crowbar · Sep 20, 2017 · b516726 · b516726
1 parent b097a03
commit b516726
Show file tree

Hide file tree

Showing 16 changed files with 17 additions and 0 deletions.
diff --git a/chef/cookbooks/aodh/recipes/aodh.rb b/chef/cookbooks/aodh/recipes/aodh.rb
@@ -40,6 +40,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
   only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/barbican/recipes/common.rb b/chef/cookbooks/barbican/recipes/common.rb
@@ -62,6 +62,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
   only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/ceilometer/recipes/server.rb b/chef/cookbooks/ceilometer/recipes/server.rb
@@ -95,6 +95,7 @@
       host "%"
       privileges db_settings[:privs]
       provider db_settings[:user_provider]
+      require_ssl db_settings[:connection][:ssl][:enabled]
       action :grant
       only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
   end

diff --git a/chef/cookbooks/cinder/recipes/sql.rb b/chef/cookbooks/cinder/recipes/sql.rb
@@ -56,6 +56,7 @@
     host "%"
     privileges db_settings[:privs]
     provider db_settings[:user_provider]
+    require_ssl db_settings[:connection][:ssl][:enabled]
     action :grant
     only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/ec2-api/recipes/ec2api.rb b/chef/cookbooks/ec2-api/recipes/ec2api.rb
@@ -79,6 +79,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
   only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/glance/recipes/common.rb b/chef/cookbooks/glance/recipes/common.rb
@@ -58,6 +58,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
   only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/heat/recipes/server.rb b/chef/cookbooks/heat/recipes/server.rb
@@ -51,6 +51,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
   only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/horizon/recipes/server.rb b/chef/cookbooks/horizon/recipes/server.rb
@@ -322,6 +322,7 @@
     host "%"
     privileges db_settings[:privs]
     provider db_settings[:user_provider]
+    require_ssl db_settings[:connection][:ssl][:enabled]
     action :grant
     only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/ironic/recipes/server.rb b/chef/cookbooks/ironic/recipes/server.rb
@@ -45,6 +45,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
 end
 

diff --git a/chef/cookbooks/magnum/recipes/sql.rb b/chef/cookbooks/magnum/recipes/sql.rb
@@ -54,6 +54,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
   only_if { !ha_enabled || is_cluster_founder }
 end

diff --git a/chef/cookbooks/manila/recipes/sql.rb b/chef/cookbooks/manila/recipes/sql.rb
@@ -36,6 +36,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
   only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/mysql/recipes/server.rb b/chef/cookbooks/mysql/recipes/server.rb
@@ -183,6 +183,7 @@
       "TRIGGER"
     ]
     provider db_settings[:user_provider]
+    require_ssl db_connection[:ssl][:enabled]
     action :grant
     only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
   end

diff --git a/chef/cookbooks/neutron/recipes/database.rb b/chef/cookbooks/neutron/recipes/database.rb
@@ -63,6 +63,7 @@
     host "%"
     privileges db_settings[:privs]
     provider db_settings[:user_provider]
+    require_ssl db_settings[:connection][:ssl][:enabled]
     action :grant
     only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
   end

diff --git a/chef/cookbooks/nova/recipes/database.rb b/chef/cookbooks/nova/recipes/database.rb
@@ -58,6 +58,7 @@
     host "%"
     privileges db_settings[:privs]
     provider db_settings[:user_provider]
+    require_ssl db_settings[:connection][:ssl][:enabled]
     action :grant
     only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
   end
@@ -81,6 +82,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
   only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/sahara/recipes/sql.rb b/chef/cookbooks/sahara/recipes/sql.rb
@@ -52,6 +52,7 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
   only_if { !ha_enabled || CrowbarPacemakerHelper.is_cluster_founder?(node) }
 end

diff --git a/chef/cookbooks/trove/recipes/sql.rb b/chef/cookbooks/trove/recipes/sql.rb
@@ -47,5 +47,6 @@
   host "%"
   privileges db_settings[:privs]
   provider db_settings[:user_provider]
+  require_ssl db_settings[:connection][:ssl][:enabled]
   action :grant
 end