diff options
author | root <root@mysql.edv-bus.at> | 2007-10-18 14:38:57 +0200 |
---|---|---|
committer | root <root@mysql.edv-bus.at> | 2007-10-18 14:38:57 +0200 |
commit | a2903f7a33d7539188083dd0b8e194da5fd26261 (patch) | |
tree | 9cc6fb67b13eb16f9b50d22b25043f99d22cd8f4 | |
parent | ee94a2a56c73dc54439b34a58320c8c233ccdbd7 (diff) | |
download | puppet-mysql-a2903f7a33d7539188083dd0b8e194da5fd26261.tar.gz puppet-mysql-a2903f7a33d7539188083dd0b8e194da5fd26261.tar.xz puppet-mysql-a2903f7a33d7539188083dd0b8e194da5fd26261.zip |
mysql: implement privilege=>all and fix tests
-rw-r--r-- | plugins/puppet/provider/mysql_grant/mysql.rb | 52 | ||||
-rw-r--r-- | plugins/puppet/type/mysql_grant.rb | 9 | ||||
-rw-r--r-- | tests/150_create_db_grant.pp | 2 | ||||
-rw-r--r-- | tests/151_remove_db_privilege.pp | 4 | ||||
-rw-r--r-- | tests/152_add_db_privilege.pp | 4 | ||||
-rw-r--r-- | tests/153_change_db_priv.pp | 4 | ||||
-rw-r--r-- | tests/154_mix_db_grants.pp | 8 | ||||
-rw-r--r-- | tests/200_give_all_user_privs.pp | 8 | ||||
-rw-r--r-- | tests/201_give_all_db_privs.pp | 8 | ||||
-rw-r--r-- | tests/996_remove_db_grant.pp | 2 | ||||
-rw-r--r-- | tests/999_remove_database.pp | 3 |
11 files changed, 74 insertions, 30 deletions
diff --git a/plugins/puppet/provider/mysql_grant/mysql.rb b/plugins/puppet/provider/mysql_grant/mysql.rb index 93d7ecf..61c32d9 100644 --- a/plugins/puppet/provider/mysql_grant/mysql.rb +++ b/plugins/puppet/provider/mysql_grant/mysql.rb @@ -5,6 +5,21 @@ require 'puppet/provider/package' +MYSQL_USER_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, + :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, + :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, + :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, + :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, + :create_user_priv +] + +MYSQL_DB_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, + :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, + :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv +] + Puppet::Type.type(:mysql_grant).provide(:mysql) do desc "Uses mysql as database." @@ -66,8 +81,18 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? end - # privileges "exist" always, it's just the setting we are interested in - # def exists? @resource.should( end + def all_privs_set? + all_privs = case split_name(@resource[:name])[:type] + when :user + MYSQL_USER_PRIVS + when :db + MYSQL_DB_PRIVS + end + all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") + privs = privileges.collect do |p| p.to_s end.sort.join("|") + + all_privs == privs + end def privileges name = split_name(@resource[:name]) @@ -94,21 +119,6 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do end def privileges=(privs) - user_privs = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :reload_priv, :shutdown_priv, - :process_priv, :file_priv, :grant_priv, :references_priv, - :index_priv, :alter_priv, :show_db_priv, :super_priv, - :create_tmp_table_priv, :lock_tables_priv, :execute_priv, - :repl_slave_priv, :repl_client_priv, :create_view_priv, - :show_view_priv, :create_routine_priv, :alter_routine_priv, - :create_user_priv ] - - db_privs = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :grant_priv, :references_priv, - :index_priv, :alter_priv, :create_tmp_table_priv, :lock_tables_priv, - :create_view_priv, :show_view_priv, :create_routine_priv, - :alter_routine_priv, :execute_priv ] - unless row_exists? create_row end @@ -122,11 +132,15 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do when :user stmt = 'update user set ' where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = user_privs + all_privs = MYSQL_USER_PRIVS when :db stmt = 'update db set ' where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = db_privs + all_privs = MYSQL_DB_PRIVS + end + + if privs[0] == :all + privs = all_privs end # puts "stmt:", stmt diff --git a/plugins/puppet/type/mysql_grant.rb b/plugins/puppet/type/mysql_grant.rb index 0d31df3..415f5aa 100644 --- a/plugins/puppet/type/mysql_grant.rb +++ b/plugins/puppet/type/mysql_grant.rb @@ -59,7 +59,14 @@ Puppet::Type.newtype(:mysql_grant) do # use the sorted outputs for comparison def insync?(is) if defined? @should and @should - self.is_to_s(is) == self.should_to_s + case self.should_to_s + when "all" + self.provider.all_privs_set? + when self.is_to_s(is) + true + else + false + end else true end diff --git a/tests/150_create_db_grant.pp b/tests/150_create_db_grant.pp index f2b52f9..597993d 100644 --- a/tests/150_create_db_grant.pp +++ b/tests/150_create_db_grant.pp @@ -1,7 +1,7 @@ err("Create a db grant") mysql_grant { - "test_user@%/test_user": + "test_user@%test_db": privileges => [ "select_priv", 'insert_priv', 'update_priv' ], tag => test; } diff --git a/tests/151_remove_db_privilege.pp b/tests/151_remove_db_privilege.pp index 4eae44b..da3246f 100644 --- a/tests/151_remove_db_privilege.pp +++ b/tests/151_remove_db_privilege.pp @@ -1,7 +1,7 @@ -err("Revoke UPDATE from test_user@%/test_user") +err("Revoke UPDATE from test_user@%test_db") mysql_grant { - "test_user@%/test_user": + "test_user@%test_db": privileges => [ "select_priv", 'insert_priv'], } diff --git a/tests/152_add_db_privilege.pp b/tests/152_add_db_privilege.pp index 21dae54..6dd00d1 100644 --- a/tests/152_add_db_privilege.pp +++ b/tests/152_add_db_privilege.pp @@ -1,7 +1,7 @@ -err("Grant DELETE to test_user@%/test_user") +err("Grant DELETE to test_user@%test_db") mysql_grant { - "test_user@%/test_user": + "test_user@%test_db": privileges => [ "select_priv", 'insert_priv', 'delete_priv'], } diff --git a/tests/153_change_db_priv.pp b/tests/153_change_db_priv.pp index a317052..f72dab8 100644 --- a/tests/153_change_db_priv.pp +++ b/tests/153_change_db_priv.pp @@ -1,7 +1,7 @@ -err("Change DELETE to UPDATE privilege for test_user@%/test_user") +err("Change DELETE to UPDATE privilege for test_user@%test_db") mysql_grant { - "test_user@%/test_user": + "test_user@%test_db": privileges => [ "select_priv", 'insert_priv', 'update_priv'], } diff --git a/tests/154_mix_db_grants.pp b/tests/154_mix_db_grants.pp new file mode 100644 index 0000000..408308f --- /dev/null +++ b/tests/154_mix_db_grants.pp @@ -0,0 +1,8 @@ +err("Change privilege order") + +mysql_grant { + "test_user@%test_db": + privileges => [ "update_priv", 'insert_priv', 'select_priv'], +} + + diff --git a/tests/200_give_all_user_privs.pp b/tests/200_give_all_user_privs.pp new file mode 100644 index 0000000..cb59c8d --- /dev/null +++ b/tests/200_give_all_user_privs.pp @@ -0,0 +1,8 @@ +err("Grant ALL to test_user@%") + +mysql_grant { + "test_user@%": + privileges => all +} + + diff --git a/tests/201_give_all_db_privs.pp b/tests/201_give_all_db_privs.pp new file mode 100644 index 0000000..745048f --- /dev/null +++ b/tests/201_give_all_db_privs.pp @@ -0,0 +1,8 @@ +err("Grant ALL to test_user@%/test_db") + +mysql_grant { + "test_user@%/test_db": + privileges => all +} + + diff --git a/tests/996_remove_db_grant.pp b/tests/996_remove_db_grant.pp index e05aea8..a93c2a3 100644 --- a/tests/996_remove_db_grant.pp +++ b/tests/996_remove_db_grant.pp @@ -1,5 +1,5 @@ err("Remove the db grant") -mysql_grant { "test_user@%/test_user": privileges => [ ] } +mysql_grant { "test_user@%test_db": privileges => [ ] } diff --git a/tests/999_remove_database.pp b/tests/999_remove_database.pp index 34e224d..8a5df3e 100644 --- a/tests/999_remove_database.pp +++ b/tests/999_remove_database.pp @@ -1,4 +1,3 @@ - -err("Will remove 'test_db' again") +err("Will remove 'test_db'") mysql_database { "test_db": ensure => absent } |