Starting MariaDB 10.0.0, usernames are now 80 long.
Our mysql_user and mysql_grant types now take that into consideration.
This check is *opportunistic*. It will only take place if the
mysql_version fact is available. If that is not the case, it will be
skipped, leaving the database itself to deal with it, and returning its
error verbatim to our users, if it does fail.
Our fixed and extended tests assume this isn't the first run, and the
fact is already in place.
- There are older versions of mysql that do not support the privilege TRIGGER and need to change default to not include
http://dev.mysql.com/doc/refman/5.0/en/grant.html
'MySQL does not support the standard SQL UNDER privilege, and does not support the TRIGGER privilege until MySQL 5.1.6'
- Updated tests to have both 5.1.6 and 5.0.11 tests for mysql_version fact
This patch changes the raise_error matchers to use `catalogue` instead
of `subject` since `subject` is not evaluated the way it used to be;
changes a parameter value from empty string to nil to be compatible
with the future parser, and unpins rspec-puppet.
the recently added feature to support galera by allowing independent
creation of the root@localhost user in the DB and the /root/.my.cnf
file contains a bug.
specifically the .my.cnf file resource still requires the root@localhost
resource, even when it is not available.
this fixes the issue by making the dependency conditional.
https://tickets.puppetlabs.com/browse/MODULES-1676
This is identical to what PASSWORD('') in MySQL does:
5.6.22-debug-log> CREATE USER 'testpwd'@'localhost' IDENTIFIED BY 'foo';
Query OK, 0 rows affected (0.03 sec)
5.6.22-debug-log> SELECT User,Host,Password FROM mysql.user WHERE
User='testpwd';
+---------+-----------+-------------------------------------------+
| User | Host | Password |
+---------+-----------+-------------------------------------------+
| testpwd | localhost | *F3A2A51A9B0F2BE2468926B4132313728C250DBF |
+---------+-----------+-------------------------------------------+
1 row in set (0.01 sec)
5.6.22-debug-log> SET PASSWORD FOR 'testpwd'@'localhost' = PASSWORD('');
Query OK, 0 rows affected (0.00 sec)
5.6.22-debug-log> SELECT User,Host,Password FROM mysql.user WHERE
User='testpwd';
+---------+-----------+----------+
| User | Host | Password |
+---------+-----------+----------+
| testpwd | localhost | |
+---------+-----------+----------+
1 row in set (0.00 sec)
This uses CREATE USER xxx IDENTIFIED WITH yyy
For tests:
unix_socket is not loaded by default, so this might require:
install plugin unix_socket soname 'auth_socket.so';
The mysql_native_password plugin is available by default and
allows you to also set a password.
Try to make it compatible with MySQL < 5.5.7 it uses version
specific code with "/*!50508 stmt */"
This uses CREATE USER xxx IDENTIFIED WITH yyy
For tests:
unix_socket is not loaded by default, so this might require:
install plugin unix_socket soname 'auth_socket.so';
The mysql_native_password plugin is available by default and
allows you to also set a password.
As usernames containing special characters must be quoted, they
may have two extra characters that are not counted against the
size limit of 16 characters. This patch adds a regex to handle
this case.
Commit cdd7132ff9 added logic to catch invalid database usernames,
but the regex it uses fails to match usernames with special characters that are properly quoted,
causing errors with usernames that used to work in versions < 3.0.0. This fixes the regex so that
if the username is quoted, anything is allowed between the quotes.
From the docs (http://dev.mysql.com/doc/refman/5.5/en/identifiers.html):
"Permitted characters in quoted identifiers include the full Unicode Basic Multilingual Plane (BMP),
except U+0000"
A user might need to import several files on database creation.
Currently the module only allows the import of a single file.
This commit allows one to, from now on, import severals.
Before :
mysql::db { 'test' :
sql => '/tmp/my_import1.sql',
}
Now :
mysql::db { 'test' :
sql => [
'/tmp/my_import1.sql',
'/tmp/my_import2.sql',
]
}
As per http://dev.mysql.com/doc/refman/5.5/en/identifiers.html , MySQL
allows for more than '\w-'. This commit improves the check to ensure
that:
- if username only contains [0-9a-zA-Z$_], it might be quoted. It is
not a requirement though
- if username contains anything else, it MUST be quoted
I kept 2 checks, but the 2nd one can probably be removed (I can't find a
username which match the 2nd one but not the first.)
The backup script needs the bzcat command, which does not come
installed on RHEL 7 and Fedora hosts by default. This patch installs
the bzip2 package before attempting to run tests that use bzcat.
This allows the galera module and others to write ${::root_home}/.my.cnf
independently from create the mysql user. This is useful for cluster
setups where you want to create ${::root_home}/.my.cnf on every node
but create the user only once.
On MySQL v5.5.38, creating a database such as:
CREATE DATABASE `mydb` CHARACTER SET binary COLLATE binary;
seems to hit a parser bug. A workaround is simply to quote COLLATE
`binary`. As the quoting is harmless, and for aesthetics, quote both
the CHARACTER SET and COLLATE arguments.
Pass the backup username and password to mysql when running SHOW DATABASES in
mysqlbackup.sh if `file_per_database` is true and `backupdatabases` is empty.
This conversion is done by Transpec 2.3.6 with the following command:
transpec -f -c "bundle exec rake spec"
* 69 conversions
from: it { should ... }
to: it { is_expected.to ... }
* 48 conversions
from: obj.should
to: expect(obj).to
* 34 conversions
from: == expected
to: eq(expected)
* 4 conversions
from: it { should_not ... }
to: it { is_expected.not_to ... }
* 3 conversions
from: obj.should_not
to: expect(obj).not_to
* 2 conversions
from: lambda { }.should
to: expect { }.to
* 2 conversions
from: pending
to: skip
For more details: https://github.com/yujinakayama/transpec#supported-conversions
This commit introduces puppet_facts, a gem that allows easier testing
against PE platforms. We're using this gem to automatically parse the
metadata.json and test against appropriate versions of PE on platforms
we support.
We start by only running against centos-6-x86_64 and ubuntu 14.04 on a
regular basis but this is implemented as an ENV so it can be overwritten
by CI systems to test against all PE platforms.
Check for database existence when dropping to prevent
ERROR 1008 (HY000): Can't drop database 'test'; database doesn't exist
Signed-off-by: Ray Lehtiniemi <rayl@mail.com>
CentOS Project has adopted a new rule for versioning numbers. The major number
matches the RHEL major number, but the minor number is generated from the
release date. For example, CentOS 7.0.1406.
Uses $::operatingsystemmajrelease instead of $::operatingsystemrelease for
avoiding issue like "Comparison of String with 7 failed" for CentOS 7.
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
In the grant provider users are fetched by querying mysql.user table. Grants
for those users are fetched using show grants for... syntax. This can lead to
errors, when some of the users in mysql.user table do not have currently
active grants.
This happens at least when MySQL is started with --skip-name-resolve option,
when there are users with the hostname part specified as a FQDN. Such users are
created by mysql_install_db. This leads to problems if mysql::account_security
is included for the node and skip-name-resolve is specified in override_options
hash for mysql::server.
Includes acceptance test for the change.
Fix acceptance test for bindings to use correct parameter names, when
instantiating mysql::bindings class. Fix client and server dev package names
for couple of distros.
This addresses https://tickets.puppetlabs.com/browse/MODULES-1040.
The user parameter is required to have the form username@host. A grant
is identified in the instances method by a name of the form
username@host/table. The resource will fail to be identified as already
existing if the name given to the resource does not match this form.
MySQL/MariaDB automatically downcase hostnames:
MariaDB [mysql]> create user 'testuser'@'HOSTNAME';
MariaDB [mysql]> select user,host from user where host = 'hostname';
+----------+----------+
| user | host |
+----------+----------+
| testuser | hostname |
+----------+----------+
This causes problems when a mysql_user or datbase_user has an hostname
with non-lowercase characters:
database_user { "root@HOSTNAME":
ensure => absent,
}
The SELECT statements used to determine if the user exists will fail
because the comparisons use "HOSTNAME" but the database has "hostname".
This patch forces the hostname part of "user@hostname" to lower case in
the custom type definitions.
Hardcoded path provided by puppet is now replaced by providing only the final directory as on
most systems includedir is provided by package and it's matter of user to provide it if he
wants to override it. This also allows disabling including at all.
Existing EPEL addition in spec_helper_acceptance wasn't actually working, so pulled in stahnma-epel and applied that in the bindings test, since that's the only place it's actually required.
The following error occured:
mysqldump: Couldn't execute 'SELECT /*!40001 SQL_NO_CACHE */ * FROM `INNODB_BUFFER_PAGE`': Access denied; you need (at least one of) the PROCESS privilege(s) for this operation (1227)
When defining the mysql::db as exported resources, there are chances that the
same resource names are defined across the site, which will cause puppet agent
fail. By adding an optional dbname parameter, default to the $name, it allows the
resouce name to be defined differently, e.g. ${dbname}_${domain}.
Also updated test and docs for dbname parameter and add acceptance test for
dbname parameter feature
