
Use root credentials explicitly #92


Closed
wants to merge 11 commits into from
12 changes: 6 additions & 6 deletions lib/puppet/provider/database/mysql.rb
Expand Up @@ -8,30 +8,30 @@
optional_commands :mysqladmin => 'mysqladmin'

def self.instances
mysql('-NBe', "show databases").split("\n").collect do |name|
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "show databases").split("\n").collect do |name|
new(:name => name)
end
end

def create
mysql('-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}")
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}")
end

def destroy
mysqladmin('-f', 'drop', @resource[:name])
mysqladmin("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-f', 'drop', @resource[:name])
end

def charset
mysql('-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1]
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1]
end

def charset=(value)
mysql('-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}")
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}")
end

def exists?
begin
mysql('-NBe', "show databases").match(/^#{@resource[:name]}$/)
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-NBe', "show databases").match(/^#{@resource[:name]}$/)
rescue => e
debug(e.message)
return nil
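Review bot: Every call now passes `--defaults-file=#{Facter.value(:root_home)}/.my.cnf` unconditionally, so a node where the `root_home` fact is nil ends up pointing at `/.my.cnf`. A node where the file has not been written yet will likely see each mysql/mysqladmin call fail, since the client normally refuses to start when the file named by `--defaults-file` cannot be read. I would build the argument in one provider helper that returns it only when `File.file?("#{Facter.value(:root_home)}/.my.cnf")` is true, and reuse it here and in the database_grant and database_user providers, where the same string is repeated on every call. Because that file holds the root password, the helper is also the natural place to document that it must be readable by root only. The body of `exists?` continues past the end of this hunk.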
20 changes: 10 additions & 10 deletions lib/puppet/provider/database_grant/mysql.rb
Expand Up @@ -34,19 +34,19 @@ def db_privs
end

def self.query_user_privs
results = mysql("mysql", "-Be", "describe user")
results = mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-Be", "describe user")
column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
@user_privs = column_names.delete_if { |e| !( e =~/_priv$/) }
end

def self.query_db_privs
results = mysql("mysql", "-Be", "describe db")
results = mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "mysql", "-Be", "describe db")
column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
@db_privs = column_names.delete_if { |e| !(e =~/_priv$/) }
end

def mysql_flush
mysqladmin "flush-privileges"
mysqladmin "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "flush-privileges"
end

# this parses the
Expand Down Expand Up @@ -74,11 +74,11 @@ def create_row
name = split_name(@resource[:name])
case name[:type]
when :user
mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", 'mysql', "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
name[:host], name[:user],
]
when :db
mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", 'mysql', "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
name[:host], name[:user], name[:db],
]
end
Expand All @@ -87,7 +87,7 @@ def create_row
end

def destroy
mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]
mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]
end

def row_exists?
Expand All @@ -96,7 +96,7 @@ def row_exists?
if name[:type] == :db
fields << :db
end
not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty?
not mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", 'mysql', '-NBe', 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s=\"%s\"" % [f, name[f]] end.join(' AND ')]).empty?
end

def all_privs_set?
Expand All @@ -118,9 +118,9 @@ def privileges

case name[:type]
when :user
privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ]
privs = mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "-Be", 'select * from mysql.user where user="%s" and host="%s"' % [ name[:user], name[:host] ]
when :db
privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
privs = mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "-Be", 'select * from mysql.db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
end

if privs.match(/^$/)
Expand Down Expand Up @@ -171,7 +171,7 @@ def privileges=(privs)
# puts "set:", set
stmt = stmt << set << where

mysql "mysql", "-Be", stmt
mysql "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", 'mysql', "-Be", stmt
mysql_flush
end
end
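Review bot: `destroy` formats three `%s` placeholders with four values, so `@resource[:privileges]` lands in the database position and `@resource[:host]` is silently dropped; the rewritten line keeps that mismatch. Deriving the values the way `create_row` does, `name = split_name(@resource[:name])` followed by `% [name[:db], name[:user], name[:host]]`, would keep placeholders and arguments aligned (assuming `split_name` yields `:db` for this resource). Separately, `row_exists?` switches its literals from single to double quotes in the same commit, which is unrelated to the credential change and behaves differently if the server runs with ANSI quoting. Every statement in this provider also interpolates resource values without escaping; now that the commands run under the root credentials from `.my.cnf`, escaping those values or validating the name format in the type deserves a follow-up.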
14 changes: 7 additions & 7 deletions lib/puppet/provider/database_user/mysql.rb
Expand Up @@ -8,35 +8,35 @@
optional_commands :mysqladmin => 'mysqladmin'

def self.instances
users = mysql("mysql", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n")
users = mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n")
users.select{ |user| user =~ /.+@/ }.collect do |name|
new(:name => name)
end
end

def create
mysql("mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ])
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ])
end

def destroy
mysql("mysql", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") )
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") )
end

def password_hash
mysql("mysql", "-NBe", "select password from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "-NBe", "select password from mysql.user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp
end

def password_hash=(string)
mysql("mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] )
mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] )
end

def exists?
not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty?
not mysql("--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "-NBe", "select '1' from mysql.user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty?
end

def flush
@property_hash.clear
mysqladmin "flush-privileges"
mysqladmin "--defaults-file=#{Facter.value(:root_home)}/.my.cnf", "flush-privileges"
end

end
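Review bot: `create`, `destroy`, `password_hash`, `password_hash=` and `exists?` place `@resource[:name]` and the password hash into single-quoted SQL literals with at most `sub("@", "'@'")` applied, so a value containing a quote or backslash changes the statement that is now executed with the root credentials from `.my.cnf`. Escaping before formatting, for example `value.gsub(/['\\]/) { |c| "\\#{c}" }` in one private helper, or rejecting names that do not match a strict `user@host` pattern in the type, would close that. The hash is also handed to the client through `-e`, which makes it visible in the process list while the command runs; feeding the statement on stdin would avoid that if the command wrapper allows it. In `self.instances` the missing comma after `'-BNe'` still joins the flag and the query into one argument, which seems to work only because `-e` accepts an attached value.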
33 changes: 19 additions & 14 deletions spec/unit/puppet/provider/database_grant/mysql_spec.rb
@@ -1,18 +1,23 @@
require 'puppet'
require 'mocha'
require 'spec_helper'
RSpec.configure do |config|
config.mock_with :mocha
end
provider_class = Puppet::Type.type(:database_grant).provider(:mysql)
describe provider_class do
let(:root_home) { '/some/root/home' }

before :each do
@resource = Puppet::Type::Database_grant.new(
{ :privileges => 'all', :provider => 'mysql', :name => 'user@host'}
)
@provider = provider_class.new(@resource)
Facter.stubs(:value).with(:root_home).returns(root_home)
end

it 'should query privilegess from the database' do
provider_class.expects(:mysql) .with('mysql', '-Be', 'describe user').returns <<-EOT
provider_class.expects(:mysql) .with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', 'describe user').returns <<-EOT
Field Type Null Key Default Extra
Host char(60) NO PRI
User char(16) NO PRI
Expand All @@ -21,7 +26,7 @@
Insert_priv enum('N','Y') NO N
Update_priv enum('N','Y') NO N
EOT
provider_class.expects(:mysql).with('mysql', '-Be', 'describe db').returns <<-EOT
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', 'describe db').returns <<-EOT
Field Type Null Key Default Extra
Host char(60) NO PRI
Db char(64) NO PRI
Expand All @@ -35,47 +40,47 @@
end

it 'should query set priviliges' do
provider_class.expects(:mysql).with('mysql', '-Be', 'select * from user where user="user" and host="host"').returns <<-EOT
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", '-Be', 'select * from mysql.user where user="user" and host="host"').returns <<-EOT
Host User Password Select_priv Insert_priv Update_priv
host user Y N Y
EOT
@provider.privileges.should == [ 'Select_priv', 'Update_priv' ]
end

it 'should recognize when all priviliges are set' do
provider_class.expects(:mysql).with('mysql', '-Be', 'select * from user where user="user" and host="host"').returns <<-EOT
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", '-Be', 'select * from mysql.user where user="user" and host="host"').returns <<-EOT
Host User Password Select_priv Insert_priv Update_priv
host user Y Y Y
EOT
@provider.all_privs_set?.should == true
end

it 'should recognize when all privileges are not set' do
provider_class.expects(:mysql).with('mysql', '-Be', 'select * from user where user="user" and host="host"').returns <<-EOT
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", '-Be', 'select * from mysql.user where user="user" and host="host"').returns <<-EOT
Host User Password Select_priv Insert_priv Update_priv
host user Y N Y
EOT
@provider.all_privs_set?.should == false
end

it 'should be able to set all privileges' do
provider_class.expects(:mysql).with('mysql', '-NBe', 'SELECT "1" FROM user WHERE user = \'user\' AND host = \'host\'').returns "1\n"
provider_class.expects(:mysql).with('mysql', '-Be', "update user set Select_priv = 'Y', Insert_priv = 'Y', Update_priv = 'Y' where user=\"user\" and host=\"host\"")
provider_class.expects(:mysqladmin).with("flush-privileges")
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-NBe', 'SELECT "1" FROM user WHERE user="user" AND host="host"').returns "1\n"
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', "update user set Select_priv = 'Y', Insert_priv = 'Y', Update_priv = 'Y' where user=\"user\" and host=\"host\"")
provider_class.expects(:mysqladmin).with("--defaults-file=#{root_home}/.my.cnf", "flush-privileges")
@provider.privileges=(['all'])
end

it 'should be able to set partial privileges' do
provider_class.expects(:mysql).with('mysql', '-NBe', 'SELECT "1" FROM user WHERE user = \'user\' AND host = \'host\'').returns "1\n"
provider_class.expects(:mysql).with('mysql', '-Be', "update user set Select_priv = 'Y', Insert_priv = 'N', Update_priv = 'Y' where user=\"user\" and host=\"host\"")
provider_class.expects(:mysqladmin).with("flush-privileges")
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-NBe', 'SELECT "1" FROM user WHERE user="user" AND host="host"').returns "1\n"
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', "update user set Select_priv = 'Y', Insert_priv = 'N', Update_priv = 'Y' where user=\"user\" and host=\"host\"")
provider_class.expects(:mysqladmin).with("--defaults-file=#{root_home}/.my.cnf", "flush-privileges")
@provider.privileges=(['Select_priv', 'Update_priv'])
end

it 'should be case insensitive' do
provider_class.expects(:mysql).with('mysql', '-NBe', 'SELECT "1" FROM user WHERE user = \'user\' AND host = \'host\'').returns "1\n"
provider_class.expects(:mysql).with('mysql', '-Be', "update user set Select_priv = 'Y', Insert_priv = 'Y', Update_priv = 'Y' where user=\"user\" and host=\"host\"")
provider_class.expects(:mysqladmin).with('flush-privileges')
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-NBe', 'SELECT "1" FROM user WHERE user="user" AND host="host"').returns "1\n"
provider_class.expects(:mysql).with("--defaults-file=#{root_home}/.my.cnf", 'mysql', '-Be', "update user set Select_priv = 'Y', Insert_priv = 'Y', Update_priv = 'Y' where user=\"user\" and host=\"host\"")
provider_class.expects(:mysqladmin).with("--defaults-file=#{root_home}/.my.cnf", 'flush-privileges')
@provider.privileges=(['SELECT_PRIV', 'insert_priv', 'UpDaTe_pRiV'])
end
end
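Review bot: The literal `"--defaults-file=#{root_home}/.my.cnf"` is repeated in every expectation; a `let(:defaults_file) { "--defaults-file=#{root_home}/.my.cnf" }` next to `let(:root_home)` would keep the examples readable and leave one place to change if the provider starts building the argument differently. The visible examples only cover a resolvable `root_home`; an example where `Facter.value(:root_home)` returns nil would pin what the provider is expected to do in that case. Parts of this file are collapsed on the page, so such an example may already exist outside the shown hunks.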