# A grant is either global or per-db. This can be distinguished by the syntax
# of the name:
# user@host => global
# user@host/db => per-db
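Puppet::Type.type(:database_grant).provide(:mysql) do
  desc "Uses mysql as database."

  defaultfor :kernel => 'Linux'

  optional_commands :mysql => 'mysql'
  optional_commands :mysqladmin => 'mysqladmin'

  # Caches the *_priv column lists of mysql.user and mysql.db once per run so
  # each resource does not re-run DESCRIBE. +resources+ is part of Puppet's
  # prefetch contract and is not needed here.
  def self.prefetch(resources)
    @user_privs = query_user_privs
    @db_privs = query_db_privs
  end

  # @return [Array<Symbol>] the *_priv columns of mysql.user (queried lazily
  #   when prefetch has not run)
  def self.user_privs
    @user_privs || query_user_privs
  end

  # @return [Array<Symbol>] the *_priv columns of mysql.db (queried lazily
  #   when prefetch has not run)
  def self.db_privs
    @db_privs || query_db_privs
  end

  # Instance-level access to the class cache.
  def user_privs
    self.class.user_privs
  end

  # Instance-level access to the class cache.
  def db_privs
    self.class.db_privs
  end

  # Queries and caches the *_priv columns of mysql.user.
  def self.query_user_privs
    @user_privs = priv_columns('user')
  end

  # Queries and caches the *_priv columns of mysql.db.
  def self.query_db_privs
    @db_privs = priv_columns('db')
  end

  # Runs DESCRIBE on +table+ in the mysql schema and returns the names of all
  # columns ending in _priv as symbols. +table+ is only ever the fixed string
  # 'user' or 'db' here, never resource data.
  #
  # @param table [String] 'user' or 'db'
  # @return [Array<Symbol>] e.g. [:Select_priv, :Insert_priv, ...]
  def self.priv_columns(table)
    output = mysql('mysql', '-Be', "describe #{table}")
    # -B output: one tab-separated line per column, name in the first field.
    names = output.split(/\n/).map { |line| line.chomp.split(/\t/).first }
    names.grep(/_priv\z/).map(&:intern)
  end

  # Makes the grant tables take effect after a direct INSERT/UPDATE/DELETE.
  def mysql_flush
    mysqladmin 'flush-privileges'
  end

  # Escapes a value for use inside a quoted MySQL string literal.
  #
  # The mysql CLI offers no way to bind parameters, so every statement below
  # is built by interpolation; backslash-escaping quotes and backslashes keeps
  # a user, host or database name from terminating the literal early.
  #
  # @param value [#to_s] the raw name component
  # @return [String] the escaped value, still without surrounding quotes
  def quote_value(value)
    value.to_s.gsub(/[\\'"]/) { |c| "\\#{c}" }
  end

  # Parses a resource name into its parts.
  #
  # @param string [String] "user@host" for a global grant or "user@host/db"
  #   for a per-db grant
  # @return [Hash] :type (:user or :db), :user, :host and, for per-db grants,
  #   :db
  # @raise [Puppet::Error] when the name has neither form
  def split_name(string)
    # \A and \z (rather than ^ and $) anchor the whole string, so a name that
    # contains a newline is rejected instead of matched line by line.
    match = %r{\A([^@]*)@([^/]*)(?:/(.*))?\z}.match(string.to_s)
    unless match
      raise Puppet::Error, "Invalid database_grant name '#{string}': expected user@host or user@host/db"
    end

    user, host, db = match.captures
    parts = { :type => :user, :user => user, :host => host }
    parts.merge!(:type => :db, :db => db) if db
    parts
  end

  # Builds the WHERE clause that identifies this grant's row: user and host,
  # plus db for a per-db grant. Values are escaped with quote_value.
  #
  # @param name [Hash] the result of split_name
  # @return [String] e.g. "user = 'alice' AND host = 'localhost'"
  def where_clause(name)
    fields = [:user, :host]
    fields << :db if name[:type] == :db
    fields.map { |f| "%s = '%s'" % [f, quote_value(name[f])] }.join(' AND ')
  end

  # Inserts the (still privilege-less) row for this grant into mysql.user or
  # mysql.db. Nothing is created when the resource asks for no privileges.
  def create_row
    return if Array(@resource.should(:privileges)).empty?

    name = split_name(@resource[:name])
    case name[:type]
    when :user
      mysql 'mysql', '-e', "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
        quote_value(name[:host]), quote_value(name[:user]),
      ]
    when :db
      mysql 'mysql', '-e', "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
        quote_value(name[:host]), quote_value(name[:user]), quote_value(name[:db]),
      ]
    end
    mysql_flush
  end

  # Removes this grant's row from mysql.user or mysql.db, matched the same way
  # row_exists? finds it.
  #
  # The previous implementation issued a REVOKE built from @resource[:database]
  # and @resource[:host] -- which the documented name scheme (user@host[/db])
  # does not provide as separate attributes -- and passed four values to a
  # three-placeholder format string. NOTE(review): confirm the type declares
  # no :database/:host parameters before relying on this.
  def destroy
    name = split_name(@resource[:name])
    mysql 'mysql', '-e', 'DELETE FROM %s WHERE %s' % [name[:type], where_clause(name)]
    mysql_flush
  end

  # @return [Boolean] whether a row for this grant exists in mysql.user /
  #   mysql.db
  def row_exists?
    name = split_name(@resource[:name])
    # -N suppresses the header, so any output at all means a row matched.
    !mysql('mysql', '-NBe', 'SELECT 1 FROM %s WHERE %s' % [name[:type], where_clause(name)]).empty?
  end

  # @return [Boolean] true when the row holds every *_priv column known for
  #   its table, i.e. the resource is effectively at :all
  def all_privs_set?
    name = split_name(@resource[:name])
    all_privs = name[:type] == :user ? user_privs : db_privs
    all_privs.map(&:to_s).sort == privileges.map(&:to_s).sort
  end

  # Reads the privilege columns currently set to 'Y' on this grant's row.
  #
  # @return [Array<Symbol>] column names such as :Select_priv; empty when the
  #   row does not exist
  def privileges
    name = split_name(@resource[:name])
    output = mysql('mysql', '-Be', 'SELECT * FROM %s WHERE %s' % [name[:type], where_clause(name)])

    # -B prints a tab-separated header line followed by one line per row, and
    # nothing at all when no row matches.
    header, values = output.split(/\n/).map { |line| line.chomp.split(/\t/) }
    return [] if header.nil? || values.nil?

    # Pair each column name with its value, keep the privilege flags set to Y.
    pairs = header.zip(values)
    granted = pairs.select { |column, value| column =~ /_priv\z/ && value == 'Y' }
    granted.map { |column, _value| column.intern }
  end

  # Sets the privilege columns on this grant's row to exactly +privs+: every
  # known *_priv column becomes 'Y' if listed and 'N' otherwise. The row is
  # created first when it does not exist yet.
  #
  # @param privs [Array<Symbol>] privilege column names, or [:all]
  def privileges=(privs)
    create_row unless row_exists?

    name = split_name(@resource[:name])
    all_privs = name[:type] == :user ? user_privs : db_privs
    privs = all_privs if privs.first == :all

    assignments = all_privs.map { |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] }.join(', ')
    # where_clause includes db for a per-db grant; the old clause left it out,
    # so the UPDATE rewrote every db row of this user@host instead of just the
    # named database.
    mysql 'mysql', '-Be', 'UPDATE %s SET %s WHERE %s' % [name[:type], assignments, where_clause(name)]
    mysql_flush
  end
end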