Create database DBA role

Author: sinclert-canonical

common/common/mysql_shell/__init__.py

@@ -21,6 +21,7 @@
 
 _ROLE_DML = "charmed_dml"
 _ROLE_READ = "charmed_read"
+_ROLE_MAX_LENGTH = 32
 
 logger = logging.getLogger(__name__)
 
@@ -145,8 +146,19 @@ def _get_mysql_roles(self, name_pattern: str) -> typing.Set[str]:
 
     def create_application_database(self, *, database: str) -> str:
         """Create database for related database_provides application."""
+        role_name = f"charmed_dba_{database}"
+        if len(role_name) >= _ROLE_MAX_LENGTH:
+            logger.exception("Failed to create application database")
+            raise ValueError("Role name longer than 32 characters")
+
+        statements = [
+            f"CREATE DATABASE IF NOT EXISTS `{database}`",
+            f"CREATE ROLE IF NOT EXISTS `{role_name}`",
+            f"GRANT SELECT, INSERT, DELETE, UPDATE, EXECUTE ON `{database}`.* TO {role_name}",
+            f"GRANT ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE VIEW, DROP, INDEX, LOCK TABLES, REFERENCES, TRIGGER ON `{database}`.* TO {role_name}",
+        ]
+
         mysql_roles = self._get_mysql_roles("charmed_%")
-        statements = [f"CREATE DATABASE IF NOT EXISTS `{database}`"]
         if _ROLE_READ in mysql_roles:
             statements.append(
                 f"GRANT SELECT ON `{database}`.* TO {_ROLE_READ}",