opuppet/module-puppetlabs-mysql
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

When fqdn==localhost account security breaks

Browse source 
This is because the root@localhost account is already
defined.

Remove localdomain accounts if fqdn is localhost
This commit is contained in:
Daniël van Eeden 2015-01-10 17:17:35 +01:00
parent 23c192df9f
commit c04fed1066
2 changed files with 55 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
manifests/server/account_security.pp
View file

@ -1,20 +1,36 @@
class mysql::server::account_security { class mysql::server::account_security {
mysql_user { mysql_user {
[ "root@${::fqdn}", [ 'root@127.0.0.1',
'root@127.0.0.1',
'root@::1', 'root@::1',
"@${::fqdn}",
'@localhost', '@localhost',
'@%']: '@%']:
ensure => 'absent', ensure => 'absent',
require => Anchor['mysql::server::end'], require => Anchor['mysql::server::end'],
} }
if ($::fqdn != $::hostname) { if ($::fqdn != 'localhost.localdomain') {
mysql_user { ["root@${::hostname}", "@${::hostname}"]: mysql_user {
[ "root@localhost.localdomain",
"@localhost.localdomain"]:
ensure => 'absent', ensure => 'absent',
require => Anchor['mysql::server::end'], require => Anchor['mysql::server::end'],
} }
} }
if ($::fqdn != 'localhost') {
mysql_user {
[ "root@${::fqdn}",
"@${::fqdn}"]:
ensure => 'absent',
require => Anchor['mysql::server::end'],
}
}
if ($::fqdn != $::hostname) {
if ($::hostname != 'localhost') {
mysql_user { ["root@${::hostname}", "@${::hostname}"]:
ensure => 'absent',
require => Anchor['mysql::server::end'],
}
}
}
mysql_database { 'test': mysql_database { 'test':
ensure => 'absent', ensure => 'absent',
require => Anchor['mysql::server::end'], require => Anchor['mysql::server::end'],

36
spec/classes/mysql_server_account_security_spec.rb
View file

@ -13,7 +13,7 @@ describe 'mysql::server::account_security' do
'@localhost', '@localhost',
'@%', '@%',
].each do |user| ].each do |user|
it 'removes Mysql_User[#{user}]' do it "removes Mysql_User[#{user}]" do
is_expected.to contain_mysql_user(user).with_ensure('absent') is_expected.to contain_mysql_user(user).with_ensure('absent')
end end
end end
@ -22,7 +22,7 @@ describe 'mysql::server::account_security' do
# We don't need to test the inverse as when they match they are # We don't need to test the inverse as when they match they are
# covered by the above list. # covered by the above list.
[ 'root@myhost', '@myhost' ].each do |user| [ 'root@myhost', '@myhost' ].each do |user|
it 'removes Mysql_User[#{user}]' do it "removes Mysql_User[#{user}]" do
is_expected.to contain_mysql_user(user).with_ensure('absent') is_expected.to contain_mysql_user(user).with_ensure('absent')
end end
end end
@ -31,6 +31,38 @@ describe 'mysql::server::account_security' do
is_expected.to contain_mysql_database('test').with_ensure('absent') is_expected.to contain_mysql_database('test').with_ensure('absent')
end end
end end
describe "on #{pe_version} #{pe_platform} with fqdn==localhost" do
let(:facts) { facts.merge({:fqdn => 'localhost', :hostname => 'localhost'}) }
[ 'root@127.0.0.1',
'root@::1',
'@localhost',
'root@localhost.localdomain',
'@localhost.localdomain',
'@%',
].each do |user|
it "removes Mysql_User[#{user}]" do
is_expected.to contain_mysql_user(user).with_ensure('absent')
end
end
end
describe "on #{pe_version} #{pe_platform} with fqdn==localhost.localdomain" do
let(:facts) { facts.merge({:fqdn => 'localhost.localdomain', :hostname => 'localhost'}) }
[ 'root@127.0.0.1',
'root@::1',
'@localhost',
'root@localhost.localdomain',
'@localhost.localdomain',
'@%',
].each do |user|
it "removes Mysql_User[#{user}]" do
is_expected.to contain_mysql_user(user).with_ensure('absent')
end
end
end
end end
end end
end end