mysql backend - allow providing hostname (for CT)

[jippi]

Hi,

A problem I'm currently having is that the mysql secret backend only provides a username ({{.Data.username}} in CT) and password ({{.Data.password}} in CT)

Providing a connection string usually also include a hostname though, and some arbitrary attributes like database and so on.

It would be nice if you could attach these kind of meta-data keys to the data returned from a mysql secret lease - e.g. {{.Data.hostname}}, {{.Data.port}} and {{.Data.database}} and so on

For example if my CT request credentials for a read-only access account, it could bind the hostname to slave.mysql.service.consul (provided by me in POST /mysql/roles/- will allow for more dumb CT as it wouldn't have to read the hostname from a clear-text key/value, allowing the consuming developer to just use the returned data and no outside knowledge about the system(s) to get things working correctly

Example:

POST /mysql/roles/p_read_only { sql: "bla bla", hostname: slave.mysql.service.consul, port: 3306, database: production }
POST /mysql/roles/i_read_only { sql: "bla bla", hostname: slave.mysql.service.consul, port: 3306, database: insights }
POST /mysql/roles/p_writeable { sql: "bla bla", hostname: master.mysql.service.consul, port: 3308, database: production }

[jefferai]

Neat idea. @LLBennett something to keep in mind!

[jippi]

I worked around this in different ways the last 2 years, probably not worth a fix in Vault

[StyleT]

@jippi Hi! I think that this issue still causes additional complexity during Vault adoption... Maybe you can reopen this issue?

@jefferai Hi! Do you guys have any plans to fix it?

[serverhorror]

I think this might be related to #317. In the overall scheme it seems that it would be nice to be able to define the output string(s) in one way or another.

I know the title says PostgreSQL but it sounds to be a very much the same request, no?