opuppet/module-puppetlabs-mysql
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

(MODULES-552) Add capability to specify column_privileges

Browse source
This commit is contained in:
Frederik Wagner 2014-09-15 18:11:46 +02:00
parent fbef97d613
commit f88719b52f
4 changed files with 56 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -511,6 +511,16 @@ mysql_grant { 'root@localhost/*.*':
}
```
It is possible to specify privileges down to the column level:
```puppet
mysql_grant { 'root@localhost/mysql.user':
ensure => 'present',
privileges => ['SELECT (Host, User)'],
table => 'mysql.user',
user => 'root@localhost',
}
```
##Limitations
This module has been tested on:

17
lib/puppet/provider/mysql_grant/mysql.rb
View file

@ -29,10 +29,19 @@ Puppet::Type.type(:mysql_grant).provide(:mysql, :parent => Puppet::Provider::Mys
# Matching: GRANT (SELECT, UPDATE) PRIVILEGES ON (*.*) TO ('root')@('127.0.0.1') (WITH GRANT OPTION)
if match = munged_grant.match(/^GRANT\s(.+)\sON\s(.+)\sTO\s(.*)@(.*?)(\s.*)$/)
privileges, table, user, host, rest = match.captures
# Once we split privileges up on the , we need to make sure we
# shortern ALL PRIVILEGES to just all.
stripped_privileges = privileges.split(',').map do |priv|
priv == 'ALL PRIVILEGES' ? 'ALL' : priv.lstrip.rstrip
# split on ',' if it is not a non-'('-containing string followed by a
# closing parenthesis ')'-char - e.g. only split comma separated elements not in
# parentheses
stripped_privileges = privileges.strip.split(/\s*,\s*(?![^(]*\))/).map do |priv|
# split and sort the column_privileges in the parentheses and rejoin
if priv.include?('(')
type, col=priv.strip.split(/\s+|\b/,2)
type.upcase + " (" + col.slice(1...-1).strip.split(/\s*,\s*/).sort.join(', ') + ")"
else
# Once we split privileges up on the , we need to make sure we
# shortern ALL PRIVILEGES to just all.
priv == 'ALL PRIVILEGES' ? 'ALL' : priv.strip
end
end
# Same here, but to remove OPTION leaving just GRANT.
options = ['GRANT'] if rest.match(/WITH\sGRANT\sOPTION/)

14
lib/puppet/type/mysql_grant.rb
View file

@ -17,7 +17,15 @@ Puppet::Type.newtype(:mysql_grant) do
# Sort the privileges array in order to ensure the comparision in the provider
# self.instances method match. Otherwise this causes it to keep resetting the
# privileges.
self[:privileges] = Array(self[:privileges]).map(&:upcase).uniq.reject{|k| k == 'GRANT' or k == 'GRANT OPTION'}.sort!
self[:privileges] = Array(self[:privileges]).map{ |priv|
# split and sort the column_privileges in the parentheses and rejoin
if priv.include?('(')
type, col=priv.strip.split(/\s+|\b/,2)
type.upcase + " (" + col.slice(1...-1).strip.split(/\s*,\s*/).sort.join(', ') + ")"
else
priv.strip.upcase
end
}.uniq.reject{|k| k == 'GRANT' or k == 'GRANT OPTION'}.sort!
end
validate do
@ -37,10 +45,6 @@ Puppet::Type.newtype(:mysql_grant) do
newproperty(:privileges, :array_matching => :all) do
desc 'Privileges for user'
munge do |value|
value.upcase
end
end
newproperty(:table) do

24
spec/unit/puppet/type/mysql_grant_spec.rb
View file

@ -47,4 +47,28 @@ describe Puppet::Type.type(:mysql_grant) do
}.to raise_error /name must match user and table parameters/
end
describe 'it should munge privileges' do
it 'to just ALL' do
@user = Puppet::Type.type(:mysql_grant).new(
:name => 'foo@localhost/*.*', :table => ['*.*','@'], :user => 'foo@localhost',
:privileges => ['ALL', 'PROXY'] )
expect(@user[:privileges]).to eq(['ALL'])
end
it 'to upcase and ordered' do
@user = Puppet::Type.type(:mysql_grant).new(
:name => 'foo@localhost/*.*', :table => ['*.*','@'], :user => 'foo@localhost',
:privileges => ['select', 'Insert'] )
expect(@user[:privileges]).to eq(['INSERT', 'SELECT'])
end
it 'ordered including column privileges' do
@user = Puppet::Type.type(:mysql_grant).new(
:name => 'foo@localhost/*.*', :table => ['*.*','@'], :user => 'foo@localhost',
:privileges => ['SELECT(Host,Address)', 'Insert'] )
expect(@user[:privileges]).to eq(['INSERT', 'SELECT (Address, Host)'])
end
end
end