mysql: implement privilege=>all and fix tests

11 files changed, 74 insertions, 30 deletions

diff --git a/plugins/puppet/provider/mysql_grant/mysql.rb b/plugins/puppet/provider/mysql_grant/mysql.rb
index 93d7ecf..61c32d9 100644
--- a/plugins/puppet/provider/mysql_grant/mysql.rb
+++ b/plugins/puppet/provider/mysql_grant/mysql.rb
@@ -5,6 +5,21 @@
 
 require 'puppet/provider/package'
 
+MYSQL_USER_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv,
+	:create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv,
+	:file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv,
+	:show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv,
+	:execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv,
+	:show_view_priv, :create_routine_priv, :alter_routine_priv,
+	:create_user_priv
+]
+
+MYSQL_DB_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv,
+	:create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv,
+	:alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv,
+	:show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv
+]
+
 Puppet::Type.type(:mysql_grant).provide(:mysql) do
 
 	desc "Uses mysql as database."
@@ -66,8 +81,18 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
 		not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty?
 	end
 
-	# privileges "exist" always, it's just the setting we are interested in
-	# def exists?  @resource.should( end
+	def all_privs_set?
+		all_privs = case split_name(@resource[:name])[:type]
+			when :user
+				MYSQL_USER_PRIVS
+			when :db
+				MYSQL_DB_PRIVS
+		end
+		all_privs = all_privs.collect do |p| p.to_s end.sort.join("|")
+		privs = privileges.collect do |p| p.to_s end.sort.join("|")
+
+		all_privs == privs
+	end
 
 	def privileges 
 		name = split_name(@resource[:name])
@@ -94,21 +119,6 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
 	end
 
 	def privileges=(privs) 
-		user_privs = [ :select_priv, :insert_priv, :update_priv, :delete_priv,
-			:create_priv, :drop_priv, :reload_priv, :shutdown_priv,
-			:process_priv, :file_priv, :grant_priv, :references_priv,
-			:index_priv, :alter_priv, :show_db_priv, :super_priv,
-			:create_tmp_table_priv, :lock_tables_priv, :execute_priv,
-			:repl_slave_priv, :repl_client_priv, :create_view_priv,
-			:show_view_priv, :create_routine_priv, :alter_routine_priv,
-			:create_user_priv ]
-
-		db_privs = [ :select_priv, :insert_priv, :update_priv, :delete_priv,
-			:create_priv, :drop_priv, :grant_priv, :references_priv,
-			:index_priv, :alter_priv, :create_tmp_table_priv, :lock_tables_priv,
-			:create_view_priv, :show_view_priv, :create_routine_priv,
-			:alter_routine_priv, :execute_priv ]
-
 		unless row_exists?
 			create_row
 		end
@@ -122,11 +132,15 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
 		when :user
 			stmt = 'update user set '
 			where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ]
-			all_privs = user_privs
+			all_privs = MYSQL_USER_PRIVS
 		when :db
 			stmt = 'update db set '
 			where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ]
-			all_privs = db_privs
+			all_privs = MYSQL_DB_PRIVS
+		end
+
+		if privs[0] == :all 
+			privs = all_privs
 		end
 	
 		# puts "stmt:", stmt
diff --git a/plugins/puppet/type/mysql_grant.rb b/plugins/puppet/type/mysql_grant.rb
index 0d31df3..415f5aa 100644
--- a/plugins/puppet/type/mysql_grant.rb
+++ b/plugins/puppet/type/mysql_grant.rb
@@ -59,7 +59,14 @@ Puppet::Type.newtype(:mysql_grant) do
 		# use the sorted outputs for comparison
 		def insync?(is)
 			if defined? @should and @should
-				self.is_to_s(is) == self.should_to_s
+				case self.should_to_s 
+				when "all"
+					self.provider.all_privs_set?
+				when self.is_to_s(is)
+					true
+				else
+					false
+				end
 			else
 				true
 			end
diff --git a/tests/150_create_db_grant.pp b/tests/150_create_db_grant.pp
index f2b52f9..597993d 100644
--- a/tests/150_create_db_grant.pp
+++ b/tests/150_create_db_grant.pp
@@ -1,7 +1,7 @@
 err("Create a db grant")
 
 mysql_grant {
-	"test_user@%/test_user":
+	"test_user@%test_db":
 		privileges => [ "select_priv", 'insert_priv', 'update_priv' ],
 		tag => test;
 }
diff --git a/tests/151_remove_db_privilege.pp b/tests/151_remove_db_privilege.pp
index 4eae44b..da3246f 100644
--- a/tests/151_remove_db_privilege.pp
+++ b/tests/151_remove_db_privilege.pp
@@ -1,7 +1,7 @@
-err("Revoke UPDATE from test_user@%/test_user")
+err("Revoke UPDATE from test_user@%test_db")
 
 mysql_grant {
-	"test_user@%/test_user":
+	"test_user@%test_db":
 		privileges => [ "select_priv", 'insert_priv'],
 }
 
diff --git a/tests/152_add_db_privilege.pp b/tests/152_add_db_privilege.pp
index 21dae54..6dd00d1 100644
--- a/tests/152_add_db_privilege.pp
+++ b/tests/152_add_db_privilege.pp
@@ -1,7 +1,7 @@
-err("Grant DELETE to test_user@%/test_user")
+err("Grant DELETE to test_user@%test_db")
 
 mysql_grant {
-	"test_user@%/test_user":
+	"test_user@%test_db":
 		privileges => [ "select_priv", 'insert_priv', 'delete_priv'],
 }
 
diff --git a/tests/153_change_db_priv.pp b/tests/153_change_db_priv.pp
index a317052..f72dab8 100644
--- a/tests/153_change_db_priv.pp
+++ b/tests/153_change_db_priv.pp
@@ -1,7 +1,7 @@
-err("Change DELETE to UPDATE privilege for test_user@%/test_user")
+err("Change DELETE to UPDATE privilege for test_user@%test_db")
 
 mysql_grant {
-	"test_user@%/test_user":
+	"test_user@%test_db":
 		privileges => [ "select_priv", 'insert_priv', 'update_priv'],
 }
 
diff --git a/tests/154_mix_db_grants.pp b/tests/154_mix_db_grants.pp
new file mode 100644
index 0000000..408308f
--- /dev/null
+++ b/tests/154_mix_db_grants.pp
@@ -0,0 +1,8 @@
+err("Change privilege order")
+
+mysql_grant {
+	"test_user@%test_db":
+		privileges => [ "update_priv", 'insert_priv', 'select_priv'],
+}
+
+
diff --git a/tests/200_give_all_user_privs.pp b/tests/200_give_all_user_privs.pp
new file mode 100644
index 0000000..cb59c8d
--- /dev/null
+++ b/tests/200_give_all_user_privs.pp
@@ -0,0 +1,8 @@
+err("Grant ALL to test_user@%")
+
+mysql_grant {
+	"test_user@%":
+		privileges => all
+}
+
+
diff --git a/tests/201_give_all_db_privs.pp b/tests/201_give_all_db_privs.pp
new file mode 100644
index 0000000..745048f
--- /dev/null
+++ b/tests/201_give_all_db_privs.pp
@@ -0,0 +1,8 @@
+err("Grant ALL to test_user@%/test_db")
+
+mysql_grant {
+	"test_user@%/test_db":
+		privileges => all
+}
+
+
diff --git a/tests/996_remove_db_grant.pp b/tests/996_remove_db_grant.pp
index e05aea8..a93c2a3 100644
--- a/tests/996_remove_db_grant.pp
+++ b/tests/996_remove_db_grant.pp
@@ -1,5 +1,5 @@
 err("Remove the db grant")
 
-mysql_grant { "test_user@%/test_user": privileges => [ ] }
+mysql_grant { "test_user@%test_db": privileges => [ ] }
 
 
diff --git a/tests/999_remove_database.pp b/tests/999_remove_database.pp
index 34e224d..8a5df3e 100644
--- a/tests/999_remove_database.pp
+++ b/tests/999_remove_database.pp
@@ -1,4 +1,3 @@
-
-err("Will remove 'test_db' again")
+err("Will remove 'test_db'")
 mysql_database { "test_db": ensure => absent }