added environment variables to db_create [no ci]

package/scripts/common/db_create.sh

@@ -1,20 +1,28 @@
 #!/bin/bash
 #
-###############################################
+###############################################################################
 # HIRS DB creation
-# Conditions to address
+# Environment variables used:
-# a. Install is called mutiple times
+# a. HIRS_MYSQL_ROOT_EXSITING_PWD: set this variable if mysql root password is already set
-# b. Another app sets the root password 
+# b. HIRS_MYSQL_ROOT_NEW_PWD: set this variable if install needs to set new pwd
-# c. ACA is updated 
+# c. HIRS_DB_PWD: Set the pwd if default password to hirs_db user needs to be changed
-# d. ACA is updated after a DB password change
+# HIRS_MYSQL_ROOT_NEW_PWD wil be ignored if HIRS_MYSQL_ROOT_EXSITING_PWD is set.
-################################################
+################################################################################
 
-if [ -z ${HIRS_DB_PWD+x} ]; then
+# Set Mysql root password
- DB_DEFAULT_PWD="hirs_db";
+if [ ! -z $HIRS_MYSQL_ROOT_EXSITING_PWD ]; then
- else 
+   HIRS_MYSQL_ROOT_PWD=$HIRS_MYSQL_ROOT_EXSITING_PWD;
- DB_DEFAULT_PWD=$HIRS_DB_PWD;
+elif [ ! -z $HIRS_MYSQL_ROOT_NEW_PWD ]; then
+   HIRS_MYSQL_ROOT_PWD=$HIRS_MYSQL_ROOT_NEW_PWD;
+else
+   HIRS_MYSQL_ROOT_PWD="root";
 fi
 
+echo "HIRS_DB_PWD is $HIRS_DB_PWD"
+echo "HIRS_MYSQL_ROOT_EXSITING_PWD is $HIRS_MYSQL_ROOT_EXSITING_PWD"
+echo "HIRS_MYSQL_ROOT_NEW_PWD is $HIRS_MYSQL_ROOT_NEW_PWD"
+echo "HIRS_MYSQL_ROOT_PWD is $HIRS_MYSQL_ROOT_PWD"
+
 # Check if we're in a Docker container
 if [ -f /.dockerenv ]; then
     DOCKER_CONTAINER=true
@@ -51,11 +59,22 @@ while ! mysqladmin ping -h "$localhost" --silent; do
   sleep 1;
 done
 
-# Set intial password, ingore result in case its already been set
-echo "Setting Mysql password"
-mysqladmin -u root --silent password $DB_DEFAULT_PWD || true > /dev/null 2>&1
-
 # Create the hirs_db database
 echo "Creating HIRS Database..." 
-DB_CREATE_SCRIPT=/opt/hirs/scripts/common/db_create.sql.el7
+
-mysql -u root --password="$DB_DEFAULT_PWD" < $DB_CREATE_SCRIPT
+if [ ! -z $HIRS_MYSQL_ROOT_EXSITING_PWD ]; then
+   echo "processing with hirs root set"
+   mysql -u root --password=$HIRS_MYSQL_ROOT_PWD < /opt/hirs/scripts/common/db_create.sql
+   mysql -u root --password=$HIRS_MYSQL_ROOT_PWD < /opt/hirs/scripts/common/secure_mysql.sql
+else 
+   echo "processing with hirs root NOT set"
+   mysql -u root < /opt/hirs/scripts/common/db_create.sql
+   mysql -u root < /opt/hirs/scripts/common/secure_mysql.sql
+   mysqladmin -u root --silent password $HIRS_MYSQL_ROOT_PWD || true > /dev/null 2>&1
+fi
+
+if [ ! -z $HIRS_DB_PWD ]; then
+   echo "Setting hirs_db password"
+   mysql -u root --password=$HIRS_MYSQL_ROOT_PWD -e "ALTER USER 'hirs_db'@'localhost' IDENTIFIED BY '"$HIRS_DB_PWD"'; FLUSH PRIVILEGES;";
+fi
+

package/scripts/common/secure_mysql.sql

@@ -0,0 +1,5 @@
+DELETE FROM mysql.user WHERE User='';
+DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
+DROP DATABASE IF EXISTS test;
+DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
+FLUSH PRIVILEGES