As we move towards galera+haproxy for the openstack database, most host-specific grants will be moot, as mysql sees all connections as coming in from the haproxy host.
It would still be good to restrict access to certain hosts, though; that probably needs to happen via an haproxy ACL.