Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mysql grant fixes #391

Merged
merged 3 commits into from Dec 11, 2013
Merged

Mysql grant fixes #391

merged 3 commits into from Dec 11, 2013

Conversation

vicinus
Copy link

@vicinus vicinus commented Dec 11, 2013

a new try to get the following merged:

1.) mysql 'REVOKE ALL PRIVILEGES [..]' doesn't revoke the 'GRANT OPTION' privilege, which means that the 'GRANT OPTION' privilege can't be removed

2.) valid mysql syntax is 'GRANT SELECT, SELECT, GRANT OPTION, SELECT ON [..]', which means, that if duplicate privileges and 'GRANT OPTION' privileges are not removed from the privileges array, the mysql_grant is done every puppet run.

3.) 'SHOW GRANTS ON . [..]' can return ' [..] WITH MAX_USER_CONNECTIONS [..]' which results in the error message:

Error: Could not prefetch mysql_grant provider 'mysql': undefined method `captures' for nil:NilClass

because the match (match(/WITH\s(.*)\sOPTION$/)) doesn't match and the following "captures" fails therefore.

apenney pushed a commit that referenced this pull request Dec 11, 2013
Merge pull request #391 from vicinus/mysql_grant_fixes
50f0ef8 
Mysql grant fixes
@apenney apenney merged commit 50f0ef8 into puppetlabs:master Dec 11, 2013
@apenney
Copy link
Contributor

apenney commented Dec 11, 2013

Thanks for these! I appreciate you taking the time to make the new PR and getting them in. MySQL privileges give me nightmares at this point. :)

@vicinus
Copy link
Author

vicinus commented Dec 11, 2013

Yeah, and I have a ton more MySQL privilege issues, were I still trying to figure out how to handle them best.

For example if you try to use the puppet resources type to ensure that only with puppet configured grants exists, then you need to add a grant for the grant used in /root/.my.cnf. But the first thing that happens is, that the grand is revoked and puppet and you get locked out from your databases...

Or "SHOW GRANTS FOR root@localhost;" on mysql 5.6 results in:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'xxx' WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION

which creates a nice resource with table name:'@' which can't be handled by the existing puppet mysql implementation.

So I fear there are a lot more nightmares out there :-/

@vicinus vicinus deleted the mysql_grant_fixes branch December 11, 2013 15:37
@apenney
Copy link
Contributor

apenney commented Dec 11, 2013

The entire thing is an absolute nightmare to model in Puppet. I waver back and forth between "should we give up and just pass SQL strings in because honestly..". Everytime I think I'm making progress I find another weird edge case that blows up. I guess what I really need is more test cases for the acceptance tests to try and catch all of these. :/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@vicinus @apenney @LukasAud @rvicinus