[Wallaby only] Drop unused openstack DB users in mysql

Openstacklib was used in a way that generated additional
users in mysql which are never used. In order to fix
this user creation on an existing environment, we must
delete the unused users manually, as puppet-mysql never
deletes users in the DB.

Add an upgrade task in Wallaby only because we stopped
generating unused users in Master. Also adjust the
indentation to avoid whitespace diff to would complicate
backports from Master to Wallaby.

Change-Id: Ifc2d65b1daa245af3fa97154822cf9f8412d259d

deployment/database/mysql-base.yaml

@@ -101,6 +101,34 @@ outputs:
       mysql_upgrade_db.sh:
         mode: "0755"
         content: { get_file: ../../container_config_scripts/mysql_upgrade_db.sh }
+  mysql_drop_unused_users:
+    description: Ansible block to clean up unusued Openstack DB users
+    value:
+      - name: Drop unused OpenStack DB users
+        when: step|int == 1
+        block:
+        - name: mysql container id
+          command: "podman ps -q --filter name={{ mysql_container_name }} --filter status=running"
+          register: mysql_container_id
+        - name: set mysql container id fact
+          set_fact:
+            mysql_container: "{{ mysql_container_id.stdout }}"
+        - name: Mysql script to drop unused DB users
+          when: ( mysql_container | length ) > 0
+          block:
+          - name: Get the list of all OpenStack DB users
+            shell: jq -r 'to_entries[] | select(.key|endswith("::db::mysql::user")) | .value' /etc/puppet/hieradata/service_configs.json
+            register: openstack_db_users
+          - name: List all DB users that match the DB users to be dropped
+            shell: for u in {{ openstack_db_users.stdout_lines | join(' ') }}; do podman exec -u root -it "{{ mysql_container }}" mysql -sNe "select concat('\`',user,'\`@\`',host,'\`') from mysql.user where user = '$u' and host != '%';"; done
+            register: mysql_db_users
+          - name: resulting DB users to be dropped
+            debug:
+              msg: "{{ mysql_db_users.stdout_lines }}"
+          - name: Drop all unneeded Openstack DB users
+            shell: podman exec -u root -it "{{ mysql_container }}" mysql -sNe 'drop user {{ item }};'
+            loop: "{{ mysql_db_users.stdout_lines }}"
+
   role_data:
     description: Service MySQL using composable services.
     value:

deployment/database/mysql-container-puppet.yaml

@@ -264,6 +264,15 @@ outputs:
             - {'path': /var/log/containers/mysql, 'setype': 'container_file_t', 'mode': '0750'}
             - {'path': /var/lib/mysql, 'setype': 'container_file_t'}
       upgrade_tasks:
+       list_concat:
+       -
+        - name: set mysql container name fact
+          when:
+            - step|int == 1
+          set_fact:
+            mysql_container_name: mysql
+       - {get_attr: [MysqlBase, mysql_drop_unused_users]}
+       -
           # When mariadb is upgraded to a new major release, one must run
           # mysql_upgrade to upgrade the DB's system tables, and potentially
           # run other storage upgrade. We want to that as early as possible

deployment/database/mysql-pacemaker-puppet.yaml

@@ -391,10 +391,20 @@ outputs:
             tripleo_ha_wrapper_minor_update: true
 
       upgrade_tasks:
+       list_concat:
+       -
         - name: Tear-down non-HA mysql container
           when:
             - step|int == 0
           block: *mysql_teardown_nonha
+       -
+        - name: set mysql container name fact
+          when:
+            - step|int == 1
+          set_fact:
+            mysql_container_name: galera-bundle
+       - {get_attr: [MysqlBase, mysql_drop_unused_users]}
+       -
         - vars:
             mysql_upgrade_persist: {get_param: MysqlUpgradePersist}
           when: