From c04fed10661d0dfb2c8a81f180a621a401a1355f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Sat, 10 Jan 2015 17:17:35 +0100 Subject: [PATCH] When fqdn==localhost account security breaks This is because the root@localhost account is already defined. Remove localdomain accounts if fqdn is localhost --- manifests/server/account_security.pp | 26 +++++++++++--- .../mysql_server_account_security_spec.rb | 36 +++++++++++++++++-- 2 files changed, 55 insertions(+), 7 deletions(-) diff --git a/manifests/server/account_security.pp b/manifests/server/account_security.pp index 36d9437..68f6e85 100644 --- a/manifests/server/account_security.pp +++ b/manifests/server/account_security.pp @@ -1,20 +1,36 @@ class mysql::server::account_security { mysql_user { - [ "root@${::fqdn}", - 'root@127.0.0.1', + [ 'root@127.0.0.1', 'root@::1', - "@${::fqdn}", '@localhost', '@%']: ensure => 'absent', require => Anchor['mysql::server::end'], } - if ($::fqdn != $::hostname) { - mysql_user { ["root@${::hostname}", "@${::hostname}"]: + if ($::fqdn != 'localhost.localdomain') { + mysql_user { + [ "root@localhost.localdomain", + "@localhost.localdomain"]: ensure => 'absent', require => Anchor['mysql::server::end'], } } + if ($::fqdn != 'localhost') { + mysql_user { + [ "root@${::fqdn}", + "@${::fqdn}"]: + ensure => 'absent', + require => Anchor['mysql::server::end'], + } + } + if ($::fqdn != $::hostname) { + if ($::hostname != 'localhost') { + mysql_user { ["root@${::hostname}", "@${::hostname}"]: + ensure => 'absent', + require => Anchor['mysql::server::end'], + } + } + } mysql_database { 'test': ensure => 'absent', require => Anchor['mysql::server::end'], diff --git a/spec/classes/mysql_server_account_security_spec.rb b/spec/classes/mysql_server_account_security_spec.rb index 9bd6508..6f6e73d 100644 --- a/spec/classes/mysql_server_account_security_spec.rb +++ b/spec/classes/mysql_server_account_security_spec.rb @@ -13,7 +13,7 @@ describe 'mysql::server::account_security' do '@localhost', '@%', ].each do |user| - it 'removes Mysql_User[#{user}]' do + it "removes Mysql_User[#{user}]" do is_expected.to contain_mysql_user(user).with_ensure('absent') end end @@ -22,7 +22,7 @@ describe 'mysql::server::account_security' do # We don't need to test the inverse as when they match they are # covered by the above list. [ 'root@myhost', '@myhost' ].each do |user| - it 'removes Mysql_User[#{user}]' do + it "removes Mysql_User[#{user}]" do is_expected.to contain_mysql_user(user).with_ensure('absent') end end @@ -31,6 +31,38 @@ describe 'mysql::server::account_security' do is_expected.to contain_mysql_database('test').with_ensure('absent') end end + + describe "on #{pe_version} #{pe_platform} with fqdn==localhost" do + let(:facts) { facts.merge({:fqdn => 'localhost', :hostname => 'localhost'}) } + + [ 'root@127.0.0.1', + 'root@::1', + '@localhost', + 'root@localhost.localdomain', + '@localhost.localdomain', + '@%', + ].each do |user| + it "removes Mysql_User[#{user}]" do + is_expected.to contain_mysql_user(user).with_ensure('absent') + end + end + end + + describe "on #{pe_version} #{pe_platform} with fqdn==localhost.localdomain" do + let(:facts) { facts.merge({:fqdn => 'localhost.localdomain', :hostname => 'localhost'}) } + + [ 'root@127.0.0.1', + 'root@::1', + '@localhost', + 'root@localhost.localdomain', + '@localhost.localdomain', + '@%', + ].each do |user| + it "removes Mysql_User[#{user}]" do + is_expected.to contain_mysql_user(user).with_ensure('absent') + end + end + end end end end