Commit graph

81 commits

Author SHA1 Message Date
Morgan Haskel
f92a24ef3d MODULES-1520 - update username validation
Don't fail on validation where the user isn't quoted with special
characters. The providers quote these strings by default.
2014-12-31 11:50:48 -08:00
Morgan Haskel
a611686530 Fix issues introduced in puppetlabs/puppetlabs-mysql#612
The regex updates caused failures in some places where it previously
(correctly) worked.
2014-12-12 17:36:46 -08:00
Sébastien Lavoie
60838a5837 Reworked all identifier quoting detections
Otherwise, trying to manage `debian-sys-maint` will fail miserably, quoted or not.

Fixes #609
2014-11-27 12:47:09 -05:00
Michael Chapman
fe0365e80d Support size 15 and 16 quoted usernames
As usernames containing special characters must be quoted, they
may have two extra characters that are not counted against the
size limit of 16 characters. This patch adds a regex to handle
this case.
2014-11-20 17:23:11 +11:00
Mason Malone
4f0d4311d9 Fix regression in username validation
Commit cdd7132ff9 added logic to catch invalid database usernames,
but the regex it uses fails to match usernames with special characters that are properly quoted,
causing errors with usernames that used to work in versions < 3.0.0. This fixes the regex so that
if the username is quoted, anything is allowed between the quotes.

From the docs (http://dev.mysql.com/doc/refman/5.5/en/identifiers.html):
"Permitted characters in quoted identifiers include the full Unicode Basic Multilingual Plane (BMP),
except U+0000"
2014-11-13 18:18:02 -05:00
Igor Galić
8dd37aea3a Merge pull request #594 from skroll/escape_backslash
Fix escaped backslashes in grants
2014-11-07 15:23:52 +01:00
Maxence Dunnewind
cdd7132ff9 Improve checks for MySQL user's name.
As per http://dev.mysql.com/doc/refman/5.5/en/identifiers.html , MySQL
allows for more than '\w-'. This commit improves the check to ensure
that:
 - if username only contains [0-9a-zA-Z$_], it might be quoted. It is
   not a requirement though
 - if username contains anything else, it MUST be quoted

I kept 2 checks, but the 2nd one can probably be removed (I can't find a
username which match the 2nd one but not the first.)
2014-11-06 08:51:07 +01:00
Scott Kroll
9dbdd89c7a Fix escaped backslashes in grants
* Mysql uses the underscore character to represent a single character
  wildcard.
* A grant on table `the_database`.* would match `theAdatabase`.*, so
  underscores must be escaped to avoid this match.
* The output from mysql escapes special characters (\n, \t, \0, and \\),
  but the input does not need to be escaped.
* In order for the provider to compare the tables, the output of
  mysql -NBe <query> must have \\ substituted with \.
2014-11-05 14:53:14 -05:00
Igor Galić
40dd180588 Merge pull request #571 from jtopper/master
[MODULES-1333] Add explicit dependencies for mysql_database and mysql_user types
2014-10-28 16:14:59 +01:00
Maxence Dunnewind
46065c4095 The old regex requires something after the 'host' part. Fix this.
Old regex is : /^GRANT\s(.+)\sON\s(.+)\sTO\s(.*)@(.*?)(\s.*)$/ . The
last part (\s.*)$ means "a space followed by anything". The issue is
that when user has no GRANT privileges, the "SHOW GRANTS FOR #{user_string}" returns
"GRANT SELECT ON `database`.* TO 'user'@'%'" which does not match (\s.*)$ .
This small patch fixes this making last bloc optional (thanks to '?').
2014-10-27 16:41:33 +01:00
Igor Galić
400d3b29cf Merge pull request #570 from fnerdwq/mysql_grant_column_privs
(MODULES-552) Add capability to specify column_privileges
2014-10-07 15:46:08 +02:00
Frederik Wagner
f88719b52f (MODULES-552) Add capability to specify column_privileges 2014-10-06 08:11:01 +02:00
Jon Topper
c4d45c3eb5 Add explicit dependencies for types
mysql_grant has an autorequire()'d dependency on the .my.cnf file used
by the provider to talk to the database.

I've added this to mysql_database and mysql_user too since logically
these also need the file to be in place.

I've hit this bug because of a slightly unusual edge case in our own
manifests, but I think this fix belongs upstream regardless.
2014-09-16 15:46:13 +01:00
Igor Galić
443ff061ea Merge pull request #569 from fnerdwq/mysql_grant_revokation
(MODULES-1330) Change order of revokation.
2014-09-16 15:02:13 +02:00
Frederik Wagner
bbbc6cd446 (MODULES-1330) Change order of revokation 2014-09-16 14:06:26 +02:00
Matthew Monaco
d986a87558 mysql_database: prevent syntax error with collate=>'binary'
On MySQL v5.5.38, creating a database such as:

	CREATE DATABASE `mydb` CHARACTER SET binary COLLATE binary;

seems to hit a parser bug. A workaround is simply to quote COLLATE
`binary`. As the quoting is harmless, and for aesthetics, quote both
the CHARACTER SET and COLLATE arguments.
2014-09-15 23:22:59 -06:00
Ashley Penney
bb205ad2f0 Remove all the deprecated code. 2014-08-08 14:13:22 -04:00
Ray Lehtiniemi
548952a6f9 Prevent ERROR 1008 in mysql_database provider
Check for database existence when dropping to prevent

  ERROR 1008 (HY000): Can't drop database 'test'; database doesn't exist

Signed-off-by: Ray Lehtiniemi <rayl@mail.com>
2014-07-23 21:41:16 -06:00
jsosic
356672342e Fix problem with GRANT not recognizing backslash
If database grant has backslash in database name (for example: example\_dev), then puppet will try to apply same resource every run because MySQL reports that table name with double backslash (for example: example\\_dev). By global replace of double backslash with single one, this issue is fixed.
2014-07-13 04:01:53 +02:00
Jaakko
3cfbb581cc Change grant provider to ignore grants for non existing users.
In the grant provider users are fetched by querying mysql.user table. Grants
for those users are fetched using show grants for... syntax. This can lead to
errors, when some of the users in mysql.user table do not have currently
active grants.

This happens at least when MySQL is started with --skip-name-resolve option,
when there are users with the hostname part specified as a FQDN. Such users are
created by mysql_install_db. This leads to problems if mysql::account_security
is included for the node and skip-name-resolve is specified in override_options
hash for mysql::server.

Includes acceptance test for the change.
2014-06-17 13:07:56 +02:00
Ashley Penney
d884e2fc1e Merge pull request #522 from cmurphy/fix_mysql_grant_MODULES-1040
Require title of mysql_grant resource to match form user/table
2014-06-05 13:07:40 -04:00
Colleen Murphy
07b661dcea Require title of mysql_grant resource to match form user/table
This addresses https://tickets.puppetlabs.com/browse/MODULES-1040.
The user parameter is required to have the form username@host. A grant
is identified in the instances method by a name of the form
username@host/table. The resource will fail to be identified as already
existing if the name given to the resource does not match this form.
2014-06-04 10:44:36 -07:00
Lars Kellogg-Stedman
0afb8f09e8 lowercase hostname values in qualified usernames
MySQL/MariaDB automatically downcase hostnames:

  MariaDB [mysql]> create user 'testuser'@'HOSTNAME';
  MariaDB [mysql]> select user,host from user where host = 'hostname';
  +----------+----------+
  | user     | host     |
  +----------+----------+
  | testuser | hostname |
  +----------+----------+

This causes problems when a mysql_user or datbase_user has an hostname
with non-lowercase characters:

  database_user { "root@HOSTNAME":
    ensure => absent,
  }

The SELECT statements used to determine if the user exists will fail
because the comparisons use "HOSTNAME" but the database has "hostname".
This patch forces the hostname part of "user@hostname" to lower case in
the custom type definitions.
2014-06-04 09:30:45 -04:00
Ashley Penney
30ce3e0e12 Repair this by ensuring calls to mysql include the database name.
A prior commit accidently broke this, meaning that mysql_database
was querying the mysql defaults instead of each individual database
when trying to determine the current collate settings.
2014-02-18 14:38:21 -05:00
Igor Galić
c747ea7ab5 Merge pull request #422 from stevesaliman/master
fixed a quoting problem with the mysql_database provider
2014-01-25 03:50:23 -08:00
Jim Radford
16baff686c mysql_deepmerge should treat underscore and dash equivalently, as mysql does 2014-01-23 22:41:58 -08:00
Steve Saliman
21aca48e02 fixed a problem with the mysql_database provider 2014-01-22 12:44:59 -07:00
Dejan Golja
ce7b661f10 Bugfix for mysql_grant provider when we try to grant remove privileges
on PROCEDURE. Resolve for bug https://tickets.puppetlabs.com/browse/MODULES-130
(https://github.com/puppetlabs/puppetlabs-mysql/issues/378)
2014-01-20 23:56:26 +11:00
Srinath M
1cc07977c5 Added [if not exists] to [create database] clause.
this should avoid errors like:
ERROR 1007 (HY000): Can't create database 'MyDB'; database exists

This error can cause a multi-master replication to stop due to conflicting
commands between nodes. For  example, if the command create DB is run in
 different nodes and then they will send it in the replication logs to each
other and then they will try to run them second time and fail.
2013-12-15 21:47:10 -05:00
Reinhard Vicinus
07c3b76eb9 mysql_grant bugfix: remove duplicate privileges and GRANT privilege, otherwise the resource gets changed every puppet run 2013-12-11 13:17:52 +01:00
Reinhard Vicinus
9de42ac43e mysql_grant bugfix: REVOKE ALL PRIVILEGES doesn't revoke GRANT OPTION 2013-12-11 13:16:14 +01:00
Reinhard Vicinus
f5a78f1c5f mysql_grant bugfix: on table *.* SHOW GRANT can return 'WITH MAX_QUERIES_PER_HOUR' which breaks the captures on the match 2013-12-11 13:15:21 +01:00
Tamas Szasz
aee0e01d81 Type mysql_grant was limited to work only with resource names foo@localhost/*.* or foo@localhost/bar.* but NOT with root@localhost/@ which is the parsed value of "GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION" grant line.
New spec test was created for the type mysql_grant.rb
2013-11-16 19:11:39 +01:00
Tamas Szasz
fbfc5d831f defaults_file methods removed from every provider (old & new) and moved
the method to the global mysql.rb which is now included in every provider
file.

Class from the global mysql.rb file is a parent of every provider.
2013-11-16 19:09:09 +01:00
Tamas Szasz
4ac8879734 Fixed missing parent for global mysql class
Added "require" to the global mysql.rb file like in the other provider files.

defaults-file changed to defaults-extra-file in all the database_* (old) providers, the same as in the mysql_* providers.

Changed defaults-file to defaults-extra-file in all test files
2013-11-12 21:32:41 +01:00
w32-blaster
e315ee96d0 Changed defaults-file to defaults-extra-file
Should load the .my.cnf file with "--defaults-extra-file" instead of "--defaults-file". This is necessary if we have global my.cnf file but we want to use both of them.
2013-11-11 18:48:00 +01:00
Igor Galić
1afa6571fb database_user gives the wrong deprecation warning
This appears to have been a bad copy/paste error.
Reported by @vicinus, this should fix #344
2013-10-30 23:18:00 +01:00
Ashley Penney
d271ab5f76 Fix an issue with lowercase privileges.
This fixes the case where a user passes in lowercase privileges and
we incorrectly assume this means a change and reapply them.
2013-10-28 12:44:48 -04:00
Ashley Penney
c6647c46b3 Fix ordering causing mysql_grant to reapply.
Because arrays are ordered lists, Puppet compares the list of retrieved
privileges against the defined privilege list.  This causes it to
reapply privilege if the ordering differs.  We now forcibly order in
the type and the provider to make sure we never falsely reapply
privileges.
2013-10-20 12:40:18 -04:00
Ashley Penney
09f42c8bb3 Further improvements to our matching - stop trying to guess what
might be the username or hostname and just match the entire thing
no matter what it may be.
2013-10-10 13:48:24 -07:00
Ashley Penney
93aab36804 Previously we were matching to ensure that usernames matched
user@host but MySQL allows you to use @host with a blank user.

No longer .select but allow all and remove these successfully.
2013-10-08 10:12:46 -07:00
Ashley Penney
cc51d7ad7d Improve mysql_grant to work with IPv6.
This work attempts to improve the situation for matching IPv6
IP addresses, as the previous regex couldn't handle them properly.
2013-10-07 11:57:02 -07:00
Ashley Penney
f8af684fe0 Merge pull request #276 from apenney/mysql_grant_fixes
Improvements to mysql_grant.
2013-10-02 09:54:09 -07:00
Nate Riffe
aef9fd0912 Add collation with the create statement 2013-09-29 09:39:06 -05:00
Justin Burnham
1b4a486bf9 Fixes issue #274 by using recursive hash merge. 2013-09-25 10:38:08 -07:00
Ashley Penney
003d5b3c6a Improvements to mysql_grant.
Ensure that table and user are required properties, as well as remove
the optional table handling in the provider and enforce it.
2013-09-24 15:37:11 -04:00
Ashley Penney
a972e4d3a0 Merge pull request #258 from apenney/refactor
Completely redesign the MySQL module.
2013-09-23 14:05:08 -07:00
Pan
58b7dc2c87 Add quote to username and host in mysql_grant constructor
The quote is need for username and host in mysql grant. revoke and grant function is already doing it with cmd_user(). not sure why the constructor didn't do it. This patch fixed #261 and #262.
2013-09-18 17:04:36 -07:00
Ashley Penney
4d6962e868 Various adjustments to classes to align with refactored work.
Handful of changes here, such as removing flush (so that mysql_user
can be used for root password changes) and other tweaks here.

Add time option to mysql::backup.
2013-09-13 13:14:48 -04:00
Ashley Penney
6a733e9503 Add a new function, mysql_strip_hash()
This is used in the backwards compatibility code in init.pp.
2013-09-13 13:10:21 -04:00