Improved user validation and munging

We want to make sure we are validating the entire user parameter (and validating it consistently between mysql_user and mysql_grant). Additionally, for munging we do not want to do anything that could truncate the username.
2015-09-17 17:06:58 -07:00 · 2015-09-17 17:06:58 -07:00 · 97b8200a5f
commit 97b8200a5f
parent 57956783fa
3 changed files with 20 additions and 5 deletions
--- a/lib/puppet/type/mysql_grant.rb
+++ b/lib/puppet/type/mysql_grant.rb
@ -65,10 +65,10 @@ Puppet::Type.newtype(:mysql_grant) do
      # If at least one special char is used, string must be quoted

      # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827
-      if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-]+)/.match(value)
+      if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-\/]+)$/.match(value)
        user_part = matches[2]
        host_part = matches[3]
-      elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value)
+      elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value)
        user_part = matches[1]
        host_part = matches[2]
      elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value)
@ -87,6 +87,11 @@ Puppet::Type.newtype(:mysql_grant) do
        end
      end
    end
+
+    munge do |value|
+      matches = /^((['`"]?).*\2)@(.+)$/.match(value)
+      "#{matches[1]}@#{matches[3].downcase}"
+    end
  end

  newproperty(:options, :array_matching => :all) do
--- a/lib/puppet/type/mysql_user.rb
+++ b/lib/puppet/type/mysql_user.rb
@ -14,10 +14,10 @@ Puppet::Type.newtype(:mysql_user) do
      # If at least one special char is used, string must be quoted

      # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827
-      if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-]+)/.match(value)
+      if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-\/]+)$/.match(value)
        user_part = matches[2]
        host_part = matches[3]
-      elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value)
+      elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value)
        user_part = matches[1]
        host_part = matches[2]
      elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value)
@ -38,7 +38,7 @@ Puppet::Type.newtype(:mysql_user) do
    end

    munge do |value|
-      matches = /^((['`"]?).*\2)@([\w%\.:\-]+)/.match(value)
+      matches = /^((['`"]?).*\2)@(.+)$/.match(value)
      "#{matches[1]}@#{matches[3].downcase}"
    end
  end
--- a/spec/unit/puppet/type/mysql_user_spec.rb
+++ b/spec/unit/puppet/type/mysql_user_spec.rb
@ -51,6 +51,16 @@ describe Puppet::Type.type(:mysql_user) do
    end
  end

+  context 'using foo@192.168.1.0/255.255.255.0' do
+    before :each do
+      @user = Puppet::Type.type(:mysql_user).new(:name => 'foo@192.168.1.0/255.255.255.0', :password_hash => 'pass')
+    end
+
+    it 'should create the user with the netmask' do
+      expect(@user[:name]).to eq('foo@192.168.1.0/255.255.255.0')
+    end
+  end
+
  context 'using allo_wed$char@localhost' do
    before :each do
      @user = Puppet::Type.type(:mysql_user).new(:name => 'allo_wed$char@localhost', :password_hash => 'pass')