diff --git a/bitnami/matomo/4/debian-10/Dockerfile b/bitnami/matomo/4/debian-10/Dockerfile index f798bfd35fee..5660ad828992 100644 --- a/bitnami/matomo/4/debian-10/Dockerfile +++ b/bitnami/matomo/4/debian-10/Dockerfile @@ -31,7 +31,7 @@ ENV ALLOW_EMPTY_PASSWORD="no" \ APACHE_HTTPS_PORT_NUMBER="" \ APACHE_HTTP_PORT_NUMBER="" \ BITNAMI_APP_NAME="matomo" \ - BITNAMI_IMAGE_VERSION="4.2.1-debian-10-r47" \ + BITNAMI_IMAGE_VERSION="4.2.1-debian-10-r48" \ MARIADB_HOST="mariadb" \ MARIADB_PORT_NUMBER="3306" \ MARIADB_ROOT_PASSWORD="" \ diff --git a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh index e4f35f989c82..b6b45c27e858 100644 --- a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh +++ b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh @@ -116,6 +116,7 @@ mysql_client_initialize() { [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$MYSQL_CLIENT_CREATE_DATABASE_USER") [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET") [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES" ]] && createdb_args+=("--privileges" "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES") mysql_ensure_optional_database_exists "${createdb_args[@]}" fi } @@ -736,15 +737,16 @@ EOF mysql_ensure_user_has_database_privileges() { local -r user="${1:?user is required}" local -r database="${2:?db is required}" - local -r db_host="${3:-}" - local -r db_port="${4:-}" + local -r privileges="${3:-all}" + local -r db_host="${4:-}" + local -r db_port="${5:-}" local -a mysql_execute_cmd=("mysql_execute") [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") debug "Providing privileges to username $user on database $database" "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 return 1 @@ -876,10 +883,7 @@ mysql_ensure_optional_database_exists() { mysql_ensure_database_exists "${flags[@]}" if [[ -n "$user" ]]; then - local -a grant_flags=("$user" "$database") - [[ -n "$db_host" ]] && grant_flags+=("$db_host") - [[ -n "$db_port" ]] && grant_flags+=("$db_port") - mysql_ensure_user_has_database_privileges "${grant_flags[@]}" + mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" fi } diff --git a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh index 89acd0dc1c4d..defd9bf6d4d5 100644 --- a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh +++ b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh @@ -33,6 +33,7 @@ mysql_env_vars=( MYSQL_CLIENT_CREATE_DATABASE_PASSWORD MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET MYSQL_CLIENT_CREATE_DATABASE_COLLATE + MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES MYSQL_CLIENT_ENABLE_SSL_WRAPPER MYSQL_CLIENT_ENABLE_SSL MYSQL_CLIENT_SSL_CA_FILE @@ -105,6 +106,8 @@ export MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET="${MYSQL_CLIENT_CREATE_DATABAS export DB_CREATE_DATABASE_CHARACTER_SET="$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" export MYSQL_CLIENT_CREATE_DATABASE_COLLATE="${MYSQL_CLIENT_CREATE_DATABASE_COLLATE:-}" export DB_CREATE_DATABASE_COLLATE="$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" +export MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES="${MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES:-}" +export DB_CREATE_DATABASE_PRIVILEGES="$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES" export MYSQL_CLIENT_ENABLE_SSL_WRAPPER="${MYSQL_CLIENT_ENABLE_SSL_WRAPPER:-no}" export DB_ENABLE_SSL_WRAPPER="$MYSQL_CLIENT_ENABLE_SSL_WRAPPER" export MYSQL_CLIENT_ENABLE_SSL="${MYSQL_CLIENT_ENABLE_SSL:-no}" diff --git a/bitnami/matomo/README.md b/bitnami/matomo/README.md index 6b1abff9cad2..d17b283de8c4 100644 --- a/bitnami/matomo/README.md +++ b/bitnami/matomo/README.md @@ -36,7 +36,7 @@ Non-root container images add an extra layer of security and are generally recom Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/). -* [`4`, `4-debian-10`, `4.2.1`, `4.2.1-debian-10-r47`, `latest` (4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-matomo/blob/4.2.1-debian-10-r47/4/debian-10/Dockerfile) +* [`4`, `4-debian-10`, `4.2.1`, `4.2.1-debian-10-r48`, `latest` (4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-matomo/blob/4.2.1-debian-10-r48/4/debian-10/Dockerfile) Subscribe to project updates by watching the [bitnami/matomo GitHub repo](https://github.com/bitnami/bitnami-docker-matomo). @@ -305,6 +305,7 @@ When you start the Matomo image, you can adjust the configuration of the instanc - `MYSQL_CLIENT_CREATE_DATABASE_PASSWORD`: Database password for the `MYSQL_CLIENT_CREATE_DATABASE_USER` user. No defaults. - `MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET`: Character set to use for the new database. No defaults. - `MYSQL_CLIENT_CREATE_DATABASE_COLLATE`: Database collation to use for the new database. No defaults. +- `MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES`: Database privileges to grant for the user specified in `MYSQL_CLIENT_CREATE_DATABASE_USER` to the database specified in `MYSQL_CLIENT_CREATE_DATABASE_NAME`. No defaults. - `MYSQL_CLIENT_ENABLE_SSL_WRAPPER`: Whether to force SSL connections to the database via the `mysql` CLI tool. Useful for applications that rely on the CLI instead of APIs. Default: **no** - `MYSQL_CLIENT_ENABLE_SSL`: Whether to force SSL connections for the database. Default: **no** - `MYSQL_CLIENT_SSL_CA_FILE`: Path to the SSL CA file for the new database. No defaults