compass-adapters/chef/cookbooks/mysql/templates/default/grants.sql.erb

# Generated by Chef for <%= node['hostname'] %>.
# Local modifications will be overwritten.
<% case node['platform_family'] -%>
<% when "debian" -%>

# Grant privileges for debian-sys-main user
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '<%= node['mysql']['server_debian_password'] %>' WITH GRANT OPTION;
<% end %>

# Grant replication for a slave user.
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%' identified by '<%= node['mysql']['server_repl_password'] %>';
<% if node['mysql']['allow_remote_root'] -%>

# Set the server root password. This should be preseeded by the package installation.
GRANT ALL ON *.* TO 'root'@'%' IDENTIFIED BY '<%= node['mysql']['server_root_password'] %>' WITH GRANT OPTION;
<% else %>

# remove remote access for root user and set password for local root user
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
<% end %>
UPDATE mysql.user SET Password=PASSWORD('<%= node['mysql']['server_root_password'] %>') WHERE User='root';

<% if node['mysql']['remove_anonymous_users'] -%>

# Remove anonymous users
DELETE FROM mysql.user WHERE User='';
<% end %>
<% if node['mysql']['remove_test_database']  -%>

# Remove test database and access to it
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
<% end %>

# Set the password for root@localhost
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('<%= node['mysql']['server_root_password'] %>');
<% if node['mysql']['root_network_acl'] -%>

# allow root to connect from a remote network if root_network_acl is not nil
GRANT ALL PRIVILEGES ON *.* TO 'root'@'<%= node['mysql']['root_network_acl'] %>' IDENTIFIED BY '<%= node['mysql']['server_root_password'] %>' WITH GRANT OPTION;
<% end -%>