opuppet/module-puppetlabs-mysql
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

MODULES-1981: Revoke and grant difference of old and new privileges

Browse source
This commit is contained in:
Artur Gadelshin 2015-05-04 16:07:10 +03:00
parent cc5d937b83
commit 35c75b79bb
1 changed files with 29 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
lib/puppet/provider/mysql_grant/mysql.rb
View file

@ -96,18 +96,20 @@ Puppet::Type.type(:mysql_grant).provide(:mysql, :parent => Puppet::Provider::Mys
exists? ? (return true) : (return false) exists? ? (return true) : (return false)
end end
def revoke(user, table) def revoke(user, table, revoke_privileges = ['ALL'])
user_string = self.class.cmd_user(user) user_string = self.class.cmd_user(user)
table_string = self.class.cmd_table(table) table_string = self.class.cmd_table(table)
priv_string = self.class.cmd_privs(revoke_privileges)
# revoke grant option needs to be a extra query, because # revoke grant option needs to be a extra query, because
# "REVOKE ALL PRIVILEGES, GRANT OPTION [..]" is only valid mysql syntax # "REVOKE ALL PRIVILEGES, GRANT OPTION [..]" is only valid mysql syntax
# if no ON clause is used. # if no ON clause is used.
# It hast to be executed before "REVOKE ALL [..]" since a GRANT has to # It hast to be executed before "REVOKE ALL [..]" since a GRANT has to
# exist to be executed successfully # exist to be executed successfully
if revoke_privileges.include? 'ALL'
query = "REVOKE GRANT OPTION ON #{table_string} FROM #{user_string}" query = "REVOKE GRANT OPTION ON #{table_string} FROM #{user_string}"
mysql([defaults_file, '-e', query].compact) mysql([defaults_file, '-e', query].compact)
query = "REVOKE ALL ON #{table_string} FROM #{user_string}" end
query = "REVOKE #{priv_string} ON #{table_string} FROM #{user_string}"
mysql([defaults_file, '-e', query].compact) mysql([defaults_file, '-e', query].compact)
end end
@ -129,11 +131,29 @@ Puppet::Type.type(:mysql_grant).provide(:mysql, :parent => Puppet::Provider::Mys
mk_resource_methods mk_resource_methods
def privileges=(privileges) def diff_privileges(privileges_old, privileges_new)
revoke(@property_hash[:user], @property_hash[:table]) diff = {:revoke => Array.new, :grant => Array.new}
grant(@property_hash[:user], @property_hash[:table], privileges, @property_hash[:options]) if privileges_old.include? 'ALL'
@property_hash[:privileges] = privileges diff[:revoke] = privileges_old
diff[:grant] = privileges_new
elsif privileges_new.include? 'ALL'
diff[:grant] = privileges_new
else
diff[:revoke] = privileges_old - privileges_new
diff[:grant] = privileges_new - privileges_old
end
return diff
end
def privileges=(privileges)
diff = diff_privileges(@property_hash[:privileges], privileges)
if not diff[:revoke].empty?
revoke(@property_hash[:user], @property_hash[:table], diff[:revoke])
end
if not diff[:grant].empty?
grant(@property_hash[:user], @property_hash[:table], diff[:grant], @property_hash[:options])
end
@property_hash[:privileges] = privileges
self.privileges self.privileges
end end