When fqdn==localhost account security breaks

This is because the root@localhost account is already defined. Remove localdomain accounts if fqdn is localhost
2015-01-10 17:17:35 +01:00 · 2015-01-10 17:17:35 +01:00 · c04fed1066
commit c04fed1066
parent 23c192df9f
2 changed files with 55 additions and 7 deletions
--- a/manifests/server/account_security.pp
+++ b/manifests/server/account_security.pp
@ -1,20 +1,36 @@
 class mysql::server::account_security {
  mysql_user {
-    [ "root@${::fqdn}",
-      'root@127.0.0.1',
+    [ 'root@127.0.0.1',
      'root@::1',
-      "@${::fqdn}",
      '@localhost',
      '@%']:
    ensure  => 'absent',
    require => Anchor['mysql::server::end'],
  }
-  if ($::fqdn != $::hostname) {
-    mysql_user { ["root@${::hostname}", "@${::hostname}"]:
+  if ($::fqdn != 'localhost.localdomain') {
+    mysql_user {
+      [ "root@localhost.localdomain",
+        "@localhost.localdomain"]:
      ensure  => 'absent',
      require => Anchor['mysql::server::end'],
    }
  }
+  if ($::fqdn != 'localhost') {
+    mysql_user {
+      [ "root@${::fqdn}",
+        "@${::fqdn}"]:
+      ensure  => 'absent',
+      require => Anchor['mysql::server::end'],
+    }
+  }
+  if ($::fqdn != $::hostname) {
+    if ($::hostname != 'localhost') {
+      mysql_user { ["root@${::hostname}", "@${::hostname}"]:
+        ensure  => 'absent',
+        require => Anchor['mysql::server::end'],
+      }
+    }
+  }
  mysql_database { 'test':
    ensure  => 'absent',
    require => Anchor['mysql::server::end'],
--- a/spec/classes/mysql_server_account_security_spec.rb
+++ b/spec/classes/mysql_server_account_security_spec.rb
@ -13,7 +13,7 @@ describe 'mysql::server::account_security' do
          '@localhost',
          '@%',
        ].each do |user|
-          it 'removes Mysql_User[#{user}]' do
+          it "removes Mysql_User[#{user}]" do
            is_expected.to contain_mysql_user(user).with_ensure('absent')
          end
        end
@ -22,7 +22,7 @@ describe 'mysql::server::account_security' do
        # We don't need to test the inverse as when they match they are
        # covered by the above list.
        [ 'root@myhost', '@myhost' ].each do |user|
-          it 'removes Mysql_User[#{user}]' do
+          it "removes Mysql_User[#{user}]" do
            is_expected.to contain_mysql_user(user).with_ensure('absent')
          end
        end
@ -31,6 +31,38 @@ describe 'mysql::server::account_security' do
          is_expected.to contain_mysql_database('test').with_ensure('absent')
        end
      end
+
+      describe "on #{pe_version} #{pe_platform} with fqdn==localhost" do
+        let(:facts) { facts.merge({:fqdn => 'localhost', :hostname => 'localhost'}) }
+
+        [ 'root@127.0.0.1',
+          'root@::1',
+          '@localhost',
+          'root@localhost.localdomain',
+          '@localhost.localdomain',
+          '@%',
+        ].each do |user|
+          it "removes Mysql_User[#{user}]" do
+            is_expected.to contain_mysql_user(user).with_ensure('absent')
+          end
+        end
+      end
+
+      describe "on #{pe_version} #{pe_platform} with fqdn==localhost.localdomain" do
+        let(:facts) { facts.merge({:fqdn => 'localhost.localdomain', :hostname => 'localhost'}) }
+
+        [ 'root@127.0.0.1',
+          'root@::1',
+          '@localhost',
+          'root@localhost.localdomain',
+          '@localhost.localdomain',
+          '@%',
+        ].each do |user|
+          it "removes Mysql_User[#{user}]" do
+            is_expected.to contain_mysql_user(user).with_ensure('absent')
+          end
+        end
+      end
    end
  end
 end