Merge pull request #276 from apenney/mysql_grant_fixes
Improvements to mysql_grant.
commit
f8af684fe0
3 changed files with 51 additions and 23 deletions
|
@ -6,7 +6,7 @@ Puppet::Type.type(:mysql_grant).provide(:mysql, :parent => Puppet::Provider::Mys
|
|||
def self.instances
|
||||
instances = []
|
||||
users.select{ |user| user =~ /.+@/ }.collect do |user|
|
||||
user_string = "'#{user.sub('@', "'@'")}'"
|
||||
user_string = self.cmd_user(user)
|
||||
query = "SHOW GRANTS FOR #{user_string};"
|
||||
grants = mysql([defaults_file, "-NBe", query].compact)
|
||||
# Once we have the list of grants generate entries for each.
|
||||
|
@ -50,12 +50,9 @@ Puppet::Type.type(:mysql_grant).provide(:mysql, :parent => Puppet::Provider::Mys
|
|||
def grant(user, table, privileges, options)
|
||||
user_string = self.class.cmd_user(user)
|
||||
priv_string = self.class.cmd_privs(privileges)
|
||||
# Table is optional.
|
||||
if table
|
||||
table_string = self.class.cmd_table(table)
|
||||
end
|
||||
table_string = self.class.cmd_table(table)
|
||||
query = "GRANT #{priv_string}"
|
||||
query << " ON #{table_string}" if table
|
||||
query << " ON #{table_string}"
|
||||
query << " TO #{user_string}"
|
||||
query << self.class.cmd_options(options) unless options.nil?
|
||||
mysql([defaults_file, '-e', query].compact)
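Review bot: Both statements in this file are built by interpolating values into SQL text that is then passed to the `mysql` client (`"SHOW GRANTS FOR #{user_string};"` in `self.instances`, and the `GRANT ... ON ... TO ...` string in `grant`), so correct quoting rests entirely on `cmd_user`, `cmd_table` and `cmd_privs`, whose bodies are outside these hunks. With `instances` now going through `cmd_user` as well, that helper is the single place where account names are quoted, and it is worth confirming that it escapes an embedded `'` and does more than split on the first `@`. I would add a comment above the query construction in `grant`, e.g. `# user, table and privileges are interpolated into SQL; the cmd_* helpers must quote and escape them`, and cover an account name containing a quote in the provider's unit spec. Both method bodies continue past the hunks shown.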
|
||||
|
|
|
@ -20,6 +20,8 @@ Puppet::Type.newtype(:mysql_grant) do
|
|||
|
||||
validate do
|
||||
fail('privileges parameter is required.') if self[:ensure] == :present and self[:privileges].nil?
|
||||
fail('table parameter is required.') if self[:ensure] == :present and self[:table].nil?
|
||||
fail('user parameter is required.') if self[:ensure] == :present and self[:user].nil?
|
||||
end
|
||||
|
||||
newparam(:name, :namevar => true) do
|
||||
|
@ -40,10 +42,21 @@ Puppet::Type.newtype(:mysql_grant) do
|
|||
munge do |value|
|
||||
value.delete("`")
|
||||
end
|
||||
|
||||
newvalues(/.*\..*/)
|
||||
end
|
||||
|
||||
newproperty(:user) do
|
||||
desc 'User to operate on.'
|
||||
validate do |value|
|
||||
# https://dev.mysql.com/doc/refman/5.1/en/account-names.html
|
||||
# Regex should problably be more like this: /^[`'"]?[^`'"]*[`'"]?@[`'"]?[\w%\.]+[`'"]?$/
|
||||
raise(ArgumentError, "Invalid user #{value}") unless value =~ /[\w-]*@[\w%\.:]+/
|
||||
username = value.split('@')[0]
|
||||
if username.size > 16
|
||||
raise ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
newproperty(:options, :array_matching => :all) do
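Review bot: The `user` validation `value =~ /[\w-]*@[\w%\.:]+/` is unanchored, so it accepts any string that merely contains a `name@host` fragment; quotes, whitespace or statement separators elsewhere in the value pass validation and reach the provider, which interpolates the account name into a GRANT statement. Anchoring the match closes that gap: `raise(ArgumentError, "Invalid user #{value}") unless value =~ /\A[\w-]*@[\w%\.:]+\z/`, using `\A`/`\z` and not the `^`/`$` of the commented-out alternative, because in Ruby those match at every line boundary. If quoted account names are meant to be accepted, the character class should be widened deliberately instead of being left open by omission. The `newvalues(/.*\..*/)` pattern on `table` in the same hunk is similarly permissive, and its `munge` strips only backticks.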
|
||||
|
|
|
@ -15,10 +15,10 @@ describe 'mysql_grant' do
|
|||
describe 'missing privileges for user' do
|
||||
it 'should fail' do
|
||||
pp = <<-EOS
|
||||
mysql_grant { 'test@tester/test.*':
|
||||
mysql_grant { 'test1@tester/test.*':
|
||||
ensure => 'present',
|
||||
table => 'test.*',
|
||||
user => 'test@tester',
|
||||
user => 'test1@tester',
|
||||
}
|
||||
EOS
|
||||
|
||||
|
@ -28,8 +28,8 @@ describe 'mysql_grant' do
|
|||
end
|
||||
|
||||
it 'should not find the user' do
|
||||
shell("mysql -NBe \"SHOW GRANTS FOR test@tester\"") do |r|
|
||||
r.stderr.should =~ /There is no such grant defined for user 'test' on host 'tester'/
|
||||
shell("mysql -NBe \"SHOW GRANTS FOR test1@tester\"") do |r|
|
||||
r.stderr.should =~ /There is no such grant defined for user 'test1' on host 'tester'/
|
||||
r.exit_code.should eq 1
|
||||
end
|
||||
end
|
||||
|
@ -46,7 +46,7 @@ describe 'mysql_grant' do
|
|||
EOS
|
||||
|
||||
puppet_apply(pp) do |r|
|
||||
r.exit_code.should eq 4
|
||||
r.exit_code.should eq 1
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -61,10 +61,10 @@ describe 'mysql_grant' do
|
|||
describe 'adding privileges' do
|
||||
it 'should work without errors' do
|
||||
pp = <<-EOS
|
||||
mysql_grant { 'test@tester/test.*':
|
||||
mysql_grant { 'test2@tester/test.*':
|
||||
ensure => 'present',
|
||||
table => 'test.*',
|
||||
user => 'test@tester',
|
||||
user => 'test2@tester',
|
||||
privileges => ['SELECT', 'UPDATE'],
|
||||
}
|
||||
EOS
|
||||
|
@ -73,8 +73,8 @@ describe 'mysql_grant' do
|
|||
end
|
||||
|
||||
it 'should find the user' do
|
||||
shell("mysql -NBe \"SHOW GRANTS FOR test@tester\"") do |r|
|
||||
r.stdout.should =~ /GRANT SELECT, UPDATE.*TO 'test'@'tester'/
|
||||
shell("mysql -NBe \"SHOW GRANTS FOR test2@tester\"") do |r|
|
||||
r.stdout.should =~ /GRANT SELECT, UPDATE.*TO 'test2'@'tester'/
|
||||
r.stderr.should be_empty
|
||||
r.exit_code.should be_zero
|
||||
end
|
||||
|
@ -84,10 +84,10 @@ describe 'mysql_grant' do
|
|||
describe 'adding option' do
|
||||
it 'should work without errors' do
|
||||
pp = <<-EOS
|
||||
mysql_grant { 'test@tester/test.*':
|
||||
mysql_grant { 'test3@tester/test.*':
|
||||
ensure => 'present',
|
||||
table => 'test.*',
|
||||
user => 'test@tester',
|
||||
user => 'test3@tester',
|
||||
options => ['GRANT'],
|
||||
privileges => ['SELECT', 'UPDATE'],
|
||||
}
|
||||
|
@ -97,22 +97,40 @@ describe 'mysql_grant' do
|
|||
end
|
||||
|
||||
it 'should find the user' do
|
||||
shell("mysql -NBe \"SHOW GRANTS FOR test@tester\"") do |r|
|
||||
r.stdout.should =~ /GRANT SELECT, UPDATE ON `test`.* TO 'test'@'tester' WITH GRANT OPTION$/
|
||||
shell("mysql -NBe \"SHOW GRANTS FOR test3@tester\"") do |r|
|
||||
r.stdout.should =~ /GRANT SELECT, UPDATE ON `test`.* TO 'test3'@'tester' WITH GRANT OPTION$/
|
||||
r.stderr.should be_empty
|
||||
r.exit_code.should be_zero
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'adding all privileges without table' do
|
||||
it 'should fail' do
|
||||
pp = <<-EOS
|
||||
mysql_grant { 'test4@tester/test.*':
|
||||
ensure => 'present',
|
||||
user => 'test4@tester',
|
||||
options => ['GRANT'],
|
||||
privileges => ['SELECT', 'UPDATE', 'ALL'],
|
||||
}
|
||||
EOS
|
||||
|
||||
puppet_apply(pp) do |r|
|
||||
r.stderr.should =~ /table parameter is required./
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
describe 'adding all privileges' do
|
||||
it 'should only try to apply ALL' do
|
||||
pp = <<-EOS
|
||||
mysql_grant { 'test@tester/test.*':
|
||||
mysql_grant { 'test4@tester/test.*':
|
||||
ensure => 'present',
|
||||
table => 'test.*',
|
||||
user => 'test@tester',
|
||||
user => 'test4@tester',
|
||||
options => ['GRANT'],
|
||||
privileges => ['SELECT', 'UPDATE', 'ALL'],
|
||||
}
|
||||
|
@ -122,8 +140,8 @@ describe 'mysql_grant' do
|
|||
end
|
||||
|
||||
it 'should find the user' do
|
||||
shell("mysql -NBe \"SHOW GRANTS FOR test@tester\"") do |r|
|
||||
r.stdout.should =~ /GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'tester' WITH GRANT OPTION/
|
||||
shell("mysql -NBe \"SHOW GRANTS FOR test4@tester\"") do |r|
|
||||
r.stdout.should =~ /GRANT ALL PRIVILEGES ON `test`.* TO 'test4'@'tester' WITH GRANT OPTION/
|
||||
r.stderr.should be_empty
|
||||
r.exit_code.should be_zero
|
||||
end
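Review bot: The new 'adding all privileges without table' example checks only stderr, so it would still pass if the run printed the message but exited successfully or went on to create a grant. I would add an exit-code assertion next to it, presumably the same value the 'missing privileges' case expects, e.g. `r.exit_code.should eq 1`, and escape the dot in the pattern: `r.stderr.should =~ /table parameter is required\./`. A follow-up `SHOW GRANTS FOR test4@tester` check inside that describe block, expecting no grant as the 'missing privileges' block does for test1, would confirm that nothing was applied.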
|
||||
|
|