From 6f1d6ff4e9141a6b1363da0b08fc8c5c2b6237ab Mon Sep 17 00:00:00 2001 From: Dan Schaefer Date: Mon, 4 Nov 2013 09:18:08 -0500 Subject: [PATCH 1/3] Adding support for IP/netmask notation for users and grants --- manifests/grant.pp | 6 ++++-- manifests/user.pp | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/manifests/grant.pp b/manifests/grant.pp index 6be6ee1..a32ddd5 100644 --- a/manifests/grant.pp +++ b/manifests/grant.pp @@ -50,9 +50,11 @@ default => "`${dbname}`", } + $nice_mysql_host = regsubst($mysql_host, '/', '_') + $mysql_grant_file = $dbname ? { - /^(\*|%)$/ => "mysqlgrant-${mysql_user}-${mysql_host}-all.sql", - default => "mysqlgrant-${mysql_user}-${mysql_host}-${dbname}.sql", + /^(\*|%)$/ => "mysqlgrant-${mysql_user}-${nice_mysql_host}-all.sql", + default => "mysqlgrant-${mysql_user}-${nice_mysql_host}-${dbname}.sql", } # If dbname has a wildcard, we don't want to create anything diff --git a/manifests/user.pp b/manifests/user.pp index c5a110a..56e0356 100644 --- a/manifests/user.pp +++ b/manifests/user.pp @@ -18,7 +18,8 @@ } } - $mysql_grant_file = "mysqluser-${mysql_user}-${mysql_host}.sql" + $nice_mysql_host = regsubst($mysql_host, '/', '_') + $mysql_grant_file = "mysqluser-${mysql_user}-${nice_mysql_host}.sql" file { $mysql_grant_file: ensure => present, From af8adf181966093d21a836e3668d245772e8cb5d Mon Sep 17 00:00:00 2001 From: Dan Schaefer Date: Mon, 4 Nov 2013 09:29:11 -0500 Subject: [PATCH 2/3] Other resources names using now use --- manifests/grant.pp | 6 +++--- manifests/user.pp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/grant.pp b/manifests/grant.pp index a32ddd5..82323a8 100644 --- a/manifests/grant.pp +++ b/manifests/grant.pp @@ -93,7 +93,7 @@ } - exec { "mysqlgrant-${mysql_user}-${mysql_host}-${dbname}": + exec { "mysqlgrant-${mysql_user}-${nice_mysql_host}-${dbname}": command => $exec_command, require => $exec_require, subscribe => File[$mysql_grant_file], 
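Review bot: In the `@@ -50,9 +50,11 @@` hunk of manifests/grant.pp (PATCH 1/3), `regsubst($mysql_host, '/', '_')` is called without flags, so only the first `/` in the host is rewritten and a value with a second slash still yields a file name containing a path separator. The same line is added in the `@@ -18,7 +18,8 @@` hunk of manifests/user.pp, where the resulting `$mysql_grant_file` is later interpolated into the `mysql ... < ${mysql_grant_filepath}/${mysql_grant_file}` command shown in PATCH 2/3. I would write both as `$nice_mysql_host = regsubst($mysql_host, '/', '_', 'G')` and precede them with a comment such as `# '/' from ip/netmask hosts cannot appear in a file name or resource title`. Since `_` is itself legal in a MySQL host pattern, two distinct hosts could presumably map to the same file and exec title; that is worth a note in the define's documentation. Both defines begin and end outside these hunks, so any validation of `$mysql_user` and `$dbname` that may already exist is not visible here.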
@@ -102,13 +102,13 @@ } if $mysql_db_init_query_file != '' and $mysql_create_db == true { - mysql::queryfile { "mysql_db_init_query_file-${mysql_host}-${dbname}": + mysql::queryfile { "mysql_db_init_query_file-${nice_mysql_host}-${dbname}": mysql_file => $mysql_db_init_query_file, mysql_user => $mysql_user, mysql_password => $mysql_password, mysql_db => $mysql_db, mysql_host => $mysql_host, - subscribe => Exec["mysqlgrant-${mysql_user}-${mysql_host}-${dbname}"], + subscribe => Exec["mysqlgrant-${mysql_user}-${nice_mysql_host}-${dbname}"], } } } diff --git a/manifests/user.pp b/manifests/user.pp index 56e0356..52af1ad 100644 --- a/manifests/user.pp +++ b/manifests/user.pp @@ -30,7 +30,7 @@ content => template('mysql/user.erb'), } - exec { "mysqluser-${mysql_user}-${mysql_host}": + exec { "mysqluser-${mysql_user}-${nice_mysql_host}": command => "mysql --defaults-file=/root/.my.cnf -uroot < ${mysql_grant_filepath}/${mysql_grant_file}", require => [ Service['mysql'], File['/root/.my.cnf'] ], subscribe => File[$mysql_grant_file], From be13c74b16118ac84c775263b7c789839f7ddf58 Mon Sep 17 00:00:00 2001 From: Dan Schaefer Date: Mon, 4 Nov 2013 09:35:19 -0500 Subject: [PATCH 3/3] Adding a test for an IP subnet grant --- spec/defines/grant_spec.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/spec/defines/grant_spec.rb b/spec/defines/grant_spec.rb index b8dd741..6bcd34c 100644 --- a/spec/defines/grant_spec.rb +++ b/spec/defines/grant_spec.rb 
@@ -96,4 +96,18 @@ FLUSH PRIVILEGES ; ") } end + + describe 'Test grant all privileges on all databases (*) in an IP subnet. Should not create the databases' do + let(:facts) { { :mysql_root_password => 'rootpassword' } } + let(:params) { { :name => 'sample1', + :mysql_db => '*', + :mysql_host => '10.42.42.0/255.255.255.0', + :mysql_user => 'someuser', + :mysql_password => 'somepassword', } } + it { should contain_file('mysqlgrant-someuser-10.42.42.0_255.255.255.0-all.sql').with_content("# This file is managed by Puppet. DO NOT EDIT. +GRANT ALL ON *.* TO 'someuser'@'10.42.42.0/255.255.255.0' IDENTIFIED BY 'somepassword'; +FLUSH PRIVILEGES ; +") } + it { should contain_exec('mysqlgrant-someuser-10.42.42.0_255.255.255.0-*').with_command('mysql --defaults-file=/root/.my.cnf -uroot < /root/puppet-mysql/mysqlgrant-someuser-10.42.42.0_255.255.255.0-all.sql') } + end end
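Review bot: The new example covers only `mysql::grant`, while PATCH 1/3 and 2/3 make the same host rewrite in manifests/user.pp, which this series leaves untested. A parallel example for the user define would pin the file name and the exec title, along the lines of `it { should contain_file('mysqluser-someuser-10.42.42.0_255.255.255.0.sql') }` and `it { should contain_exec('mysqluser-someuser-10.42.42.0_255.255.255.0') }`. Whether a spec file for the user define already exists is not visible from this patch. The added `describe` sits inside an outer block that starts before the hunk.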