opuppet/module-puppetlabs-mysql
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #276 from apenney/mysql_grant_fixes

Browse source 
Improvements to mysql_grant.
This commit is contained in:
Ashley Penney 2013-10-02 09:54:09 -07:00
commit f8af684fe0
3 changed files with 51 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/puppet/provider/mysql_grant/mysql.rb
View file

@ -6,7 +6,7 @@ Puppet::Type.type(:mysql_grant).provide(:mysql, :parent => Puppet::Provider::Mys
def self.instances
instances = []
users.select{ |user| user =~ /.+@/ }.collect do |user|
user_string = "'#{user.sub('@', "'@'")}'"
user_string = self.cmd_user(user)
query = "SHOW GRANTS FOR #{user_string};"
grants = mysql([defaults_file, "-NBe", query].compact)
# Once we have the list of grants generate entries for each.
@ -50,12 +50,9 @@ Puppet::Type.type(:mysql_grant).provide(:mysql, :parent => Puppet::Provider::Mys
def grant(user, table, privileges, options)
user_string = self.class.cmd_user(user)
priv_string = self.class.cmd_privs(privileges)
# Table is optional.
if table
table_string = self.class.cmd_table(table)
end
query = "GRANT #{priv_string}"
query << " ON #{table_string}" if table
query << " ON #{table_string}"
query << " TO #{user_string}"
query << self.class.cmd_options(options) unless options.nil?
mysql([defaults_file, '-e', query].compact)

13
lib/puppet/type/mysql_grant.rb
View file

@ -20,6 +20,8 @@ Puppet::Type.newtype(:mysql_grant) do
validate do
fail('privileges parameter is required.') if self[:ensure] == :present and self[:privileges].nil?
fail('table parameter is required.') if self[:ensure] == :present and self[:table].nil?
fail('user parameter is required.') if self[:ensure] == :present and self[:user].nil?
end
newparam(:name, :namevar => true) do
@ -40,10 +42,21 @@ Puppet::Type.newtype(:mysql_grant) do
munge do |value|
value.delete("`")
end
newvalues(/.*\..*/)
end
newproperty(:user) do
desc 'User to operate on.'
validate do |value|
# https://dev.mysql.com/doc/refman/5.1/en/account-names.html
# Regex should problably be more like this: /^[`'"]?[^`'"]*[`'"]?@[`'"]?[\w%\.]+[`'"]?$/
raise(ArgumentError, "Invalid user #{value}") unless value =~ /[\w-]*@[\w%\.:]+/
username = value.split('@')[0]
if username.size > 16
raise ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters'
end
end
end
newproperty(:options, :array_matching => :all) do

52
spec/system/types/mysql_grant_spec.rb
View file

@ -15,10 +15,10 @@ describe 'mysql_grant' do
describe 'missing privileges for user' do
it 'should fail' do
pp = <<-EOS
mysql_grant { 'test@tester/test.*':
mysql_grant { 'test1@tester/test.*':
ensure => 'present',
table => 'test.*',
user => 'test@tester',
user => 'test1@tester',
}
EOS
@ -28,8 +28,8 @@ describe 'mysql_grant' do
end
it 'should not find the user' do
shell("mysql -NBe \"SHOW GRANTS FOR test@tester\"") do |r|
r.stderr.should =~ /There is no such grant defined for user 'test' on host 'tester'/
shell("mysql -NBe \"SHOW GRANTS FOR test1@tester\"") do |r|
r.stderr.should =~ /There is no such grant defined for user 'test1' on host 'tester'/
r.exit_code.should eq 1
end
end
@ -46,7 +46,7 @@ describe 'mysql_grant' do
EOS
puppet_apply(pp) do |r|
r.exit_code.should eq 4
r.exit_code.should eq 1
end
end
@ -61,10 +61,10 @@ describe 'mysql_grant' do
describe 'adding privileges' do
it 'should work without errors' do
pp = <<-EOS
mysql_grant { 'test@tester/test.*':
mysql_grant { 'test2@tester/test.*':
ensure => 'present',
table => 'test.*',
user => 'test@tester',
user => 'test2@tester',
privileges => ['SELECT', 'UPDATE'],
}
EOS
@ -73,8 +73,8 @@ describe 'mysql_grant' do
end
it 'should find the user' do
shell("mysql -NBe \"SHOW GRANTS FOR test@tester\"") do |r|
r.stdout.should =~ /GRANT SELECT, UPDATE.*TO 'test'@'tester'/
shell("mysql -NBe \"SHOW GRANTS FOR test2@tester\"") do |r|
r.stdout.should =~ /GRANT SELECT, UPDATE.*TO 'test2'@'tester'/
r.stderr.should be_empty
r.exit_code.should be_zero
end
@ -84,10 +84,10 @@ describe 'mysql_grant' do
describe 'adding option' do
it 'should work without errors' do
pp = <<-EOS
mysql_grant { 'test@tester/test.*':
mysql_grant { 'test3@tester/test.*':
ensure => 'present',
table => 'test.*',
user => 'test@tester',
user => 'test3@tester',
options => ['GRANT'],
privileges => ['SELECT', 'UPDATE'],
}
@ -97,22 +97,40 @@ describe 'mysql_grant' do
end
it 'should find the user' do
shell("mysql -NBe \"SHOW GRANTS FOR test@tester\"") do |r|
r.stdout.should =~ /GRANT SELECT, UPDATE ON `test`.* TO 'test'@'tester' WITH GRANT OPTION$/
shell("mysql -NBe \"SHOW GRANTS FOR test3@tester\"") do |r|
r.stdout.should =~ /GRANT SELECT, UPDATE ON `test`.* TO 'test3'@'tester' WITH GRANT OPTION$/
r.stderr.should be_empty
r.exit_code.should be_zero
end
end
end
describe 'adding all privileges without table' do
it 'should fail' do
pp = <<-EOS
mysql_grant { 'test4@tester/test.*':
ensure => 'present',
user => 'test4@tester',
options => ['GRANT'],
privileges => ['SELECT', 'UPDATE', 'ALL'],
}
EOS
puppet_apply(pp) do |r|
r.stderr.should =~ /table parameter is required./
end
end
end
describe 'adding all privileges' do
it 'should only try to apply ALL' do
pp = <<-EOS
mysql_grant { 'test@tester/test.*':
mysql_grant { 'test4@tester/test.*':
ensure => 'present',
table => 'test.*',
user => 'test@tester',
user => 'test4@tester',
options => ['GRANT'],
privileges => ['SELECT', 'UPDATE', 'ALL'],
}
@ -122,8 +140,8 @@ describe 'mysql_grant' do
end
it 'should find the user' do
shell("mysql -NBe \"SHOW GRANTS FOR test@tester\"") do |r|
r.stdout.should =~ /GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'tester' WITH GRANT OPTION/
shell("mysql -NBe \"SHOW GRANTS FOR test4@tester\"") do |r|
r.stdout.should =~ /GRANT ALL PRIVILEGES ON `test`.* TO 'test4'@'tester' WITH GRANT OPTION/
r.stderr.should be_empty
r.exit_code.should be_zero
end