The mysql database_grant provider currently has what is arguably a heinous
design flaw. At present:
1. The 'privileges' parameter for the database_grant type, mysql provider,
does not expect the same syntax as the mysql Grant command ('SELECT',
'UPDATE', 'DELETE', etc). Rather, it expects the user to supply column
names used to store raw grants in the mysql.db or mysql.user tables
internally ('Select_priv', 'Update_priv', 'Delete_priv', etc).
2. If a user supplies `privileges => [ 'SELECT', 'INSERT' ]` instead of
`privileges => [ 'Select_priv', 'Insert_priv' ]`, the provider fails
silently and will continuously attempt to update the privileges with
each successive puppet run. In the specific example provided, all privs
for the user/db will be set to false since e.g. 'INSERT' does not match
any valid privilege.
Unfortunately it doesn't look simple to modify the provider such that the
intuitive SELECT, DELETE, etc. keywords can be used without changing
existing behavior. Leaving that alone for now, it *is* pretty simple to add
a validation function that will at least fail cleanly if non-functional
privilege values are supplied that don't mean anything to the provider. If
the user is trying to use valid MySQL Grant syntax, the new validation
procedure will recognize this and suggest a correction. Hopefully giving
users this kind of warning will clue them in to what kind of input the
provider expects.
The incorrect regex did not all for the anonymous mysql users to be
removed via the mysql::server::account_security class. The regex is now
increased to cover for @localhost and @%.
This commit fixes an issue in self.instances of
database_user where none of the users were actually
being detected.
There was a accidental '\' in front of the '.' which
means that it will only consider users that have
one or more '.' in front of the '@'.
This commit removes the '\' so that all users are
returned that have one or more characters in from
of an '@'.
This is a major change to the module and would be released as a new
version.
* Add self.instances to database and database_user for puppet resource.
* Update database provider to use flush method.
* Update module to conform to puppet-lint recommendations.
* Cleanup some unecessary logic in mysql::db define type.
* Move mysql_restart to config class.
* Use class to class dependency instead of resource dependency.
* Change appropriate rspec-puppet tests.
* Add fixtures directory to simplify testing.
* Update raketask and spec_helper to reflect fixture changes.
* Update mysql_password function to support validation.
* Move client installation to a separate class.
* Update documentation and readme.
These were missing from the list of allowed privileges:
* event_priv
* trigger_priv
No rspec changes, as we don't even have basic coverage on these providers and
its a minor change so should be low risk.