Update default mysql user script

Author: quangnhut123

Dockerfile

@@ -19,20 +19,5 @@ RUN dnf update -y
 RUN dnf install mariadb105 -y
 
 # Copy scripts to the appropriate directory and make them executable
-COPY ./menu.sh /usr/local/bin/
-COPY ./check-connections.sh /usr/local/bin/
-COPY ./check-envs.sh /usr/local/bin/
-COPY ./ecs-utils.sh /usr/local/bin/
-COPY ./lambda-utils.sh /usr/local/bin/
-COPY ./check-db.sh /usr/local/bin/
-COPY ./db-cloning.sh /usr/local/bin/
-COPY ./migrate-utils.sh /usr/local/bin/
-
-RUN chmod +x /usr/local/bin/menu.sh \
-    /usr/local/bin/check-connections.sh \
-    /usr/local/bin/check-envs.sh \
-    /usr/local/bin/ecs-utils.sh \
-    /usr/local/bin/lambda-utils.sh \
-    /usr/local/bin/check-db.sh \
-    /usr/local/bin/db-cloning.sh \
-    /usr/local/bin/migrate-utils.sh
+COPY ./*.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/*.sh

menu.sh

@@ -11,7 +11,8 @@ show_menu() {
     echo "4. Manage ECS Services"
     echo "5. Manage Lambda Functions"
     echo "6. Clone Database"
-    echo "7. Exit"
+    echo "7. Create Default MySQL Users (xxx_app, xxx_readonly)"
+    echo "8. Exit"
     echo "========================================"
 }
 
@@ -92,6 +93,9 @@ while true; do
             db-cloning.sh $source_cluster_name $target_cluster_name $target_instance_name $target_region $db_subnet_group_name $vpc_security_group_ids
             ;;
         7)
+            mysql-user-creator.sh
+            ;;
+        8)
             echo "Exiting..."
             exit 0
             ;;

mysql-user-creator.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Prompt or use env
+MYSQL_HOST=${MYSQL_HOST:-$(read -p "Enter MySQL host: " tmp && echo "$tmp")}
+MYSQL_USER=${MYSQL_USER:-$(read -p "Enter MySQL admin user: " tmp && echo "$tmp")}
+MYSQL_PASSWORD=${MYSQL_PASSWORD:-$(read -sp "Enter MySQL admin password: " tmp && echo "$tmp" && echo)}
+TARGET_DB=${MYSQL_DB:-$(read -p "Enter target database name: " tmp && echo "$tmp")}
+USER_PREFIX=${USER_PREFIX:-$(read -p "Enter product name (e.g. 'icp'): " tmp && echo "$tmp")}
+
+# SSL certificates
+SSL_CA="/ssl_cert/ca-cert.pem"
+
+# Verify certificate files exist
+if [[ ! -f "$SSL_CA" ]]; then
+    echo "❌ Required certificate not found: $SSL_CA"
+    exit 1
+fi
+
+# Construct usernames
+READONLY_USER="${USER_PREFIX}_readonly"
+APP_USER="${USER_PREFIX}_app"
+
+# Generate random passwords (16 chars)
+generate_password() {
+  head -c 16 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 16
+}
+
+# Flags
+CREATED_ANY_USER=false
+
+# Function to create user if not exists
+create_user_if_not_exists() {
+  local USERNAME=$1
+  local PASSWORD=$2
+  local GRANTS=$3
+  local USER_EXISTS=$(mysql \
+    -h "$MYSQL_HOST" \
+    -u "$MYSQL_USER" \
+    -p"$MYSQL_PASSWORD" \
+    --ssl-ca="$SSL_CA" \
+    -sN -e "SELECT COUNT(*) FROM mysql.user WHERE user = '$USERNAME';")
+
+  if [[ "$USER_EXISTS" == "0" ]]; then
+    mysql \
+      -h "$MYSQL_HOST" \
+      -u "$MYSQL_USER" \
+      -p"$MYSQL_PASSWORD" \
+      --ssl-ca="$SSL_CA" <<EOF
+CREATE USER '$USERNAME'@'%' IDENTIFIED BY '$PASSWORD';
+$GRANTS
+FLUSH PRIVILEGES;
+EOF
+    echo "✅ Created user: $USERNAME"
+    echo "  Password:     $PASSWORD"
+    echo ""
+    CREATED_ANY_USER=true
+  fi
+}
+
+# Create readonly user if not exists
+READONLY_PASSWORD=$(generate_password)
+create_user_if_not_exists "$READONLY_USER" "$READONLY_PASSWORD" "GRANT SELECT ON \`$TARGET_DB\`.* TO '$READONLY_USER'@'%';"
+
+# Create app user if not exists
+APP_PASSWORD=$(generate_password)
+create_user_if_not_exists "$APP_USER" "$APP_PASSWORD" "GRANT ALL PRIVILEGES ON \`$TARGET_DB\`.* TO '$APP_USER'@'%';"
+
+if [ "$CREATED_ANY_USER" = false ]; then
+  echo "ℹ️  No new users created. Both users already exist."
+fi