From 49f273a42cf532288f7d8383d6a7fb952f1cb121 Mon Sep 17 00:00:00 2001
From: "Steven C. Saliman" <support@saliman.net>
Date: Thu, 30 Apr 2015 12:37:38 -0600
Subject: [PATCH] Made the 'TRIGGER'privilege of mysqldump backups depend on
 whether or not we are actually backing up triggers

---
 manifests/backup/mysqldump.pp            | 22 ++++++++++++++++------
 spec/classes/mysql_server_backup_spec.rb |  9 +++++++++
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/manifests/backup/mysqldump.pp b/manifests/backup/mysqldump.pp
index 649dcaf..f1c924f 100644
--- a/manifests/backup/mysqldump.pp
+++ b/manifests/backup/mysqldump.pp
@@ -26,12 +26,22 @@ class mysql::backup::mysqldump (
     require       => Class['mysql::server::root_password'],
   }
 
-  mysql_grant { "${backupuser}@localhost/*.*":
-    ensure     => $ensure,
-    user       => "${backupuser}@localhost",
-    table      => '*.*',
-    privileges => [ 'SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS', 'TRIGGER' ],
-    require    => Mysql_user["${backupuser}@localhost"],
+  if $include_triggers {
+    mysql_grant { "${backupuser}@localhost/*.*":
+      ensure     => $ensure,
+      user       => "${backupuser}@localhost",
+      table      => '*.*',
+      privileges => [ 'SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS', 'TRIGGER' ],
+      require    => Mysql_user["${backupuser}@localhost"],
+    }
+  } else {
+    mysql_grant { "${backupuser}@localhost/*.*":
+      ensure     => $ensure,
+      user       => "${backupuser}@localhost",
+      table      => '*.*',
+      privileges => [ 'SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS' ],
+      require    => Mysql_user["${backupuser}@localhost"],
+    }
   }
 
   cron { 'mysql-backup':
diff --git a/spec/classes/mysql_server_backup_spec.rb b/spec/classes/mysql_server_backup_spec.rb
index 0cd93e0..81abb30 100644
--- a/spec/classes/mysql_server_backup_spec.rb
+++ b/spec/classes/mysql_server_backup_spec.rb
@@ -27,6 +27,15 @@ describe 'mysql::server::backup' do
             :privileges => ['SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS', 'TRIGGER']
           ).that_requires('Mysql_user[testuser@localhost]') }
 
+          context 'with triggers excluded' do
+            let(:params) do
+              { :include_triggers => false }.merge(default_params)
+            end
+            it { is_expected.to contain_mysql_grant('testuser@localhost/*.*').with(
+              :privileges => ['SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS']
+            ).that_requires('Mysql_user[testuser@localhost]') }
+          end
+
           it { is_expected.to contain_cron('mysql-backup').with(
             :command => '/usr/local/sbin/mysqlbackup.sh',
             :ensure  => 'present'