Fix privileges for galera status user

There are no such privilege as 'STATUS', so it changed accordingly to documentation. Change-Id: I653f9123c621fd71f0f649fc51c731dfc7b16eeb Closes-Bug: #1509072
2016-01-19 18:03:35 +03:00 · 2016-01-19 18:03:35 +03:00 · 154cba89e6
commit 154cba89e6
parent 71f877abd5
3 changed files with 66 additions and 2 deletions
--- a/deployment/puppet/openstack/manifests/galera/status.pp
+++ b/deployment/puppet/openstack/manifests/galera/status.pp
@ -70,7 +70,7 @@ class openstack::galera::status (
    mysql_grant { "${status_user}@${status_allow}/*.*":
      ensure     => 'present',
      option     => [ 'GRANT' ],
-      privileges => [ 'STATUS' ],
+      privileges => [ 'USAGE' ],
      table      => '*.*',
      user       => "${status_user}@${status_allow}",
    }
@ -82,7 +82,7 @@ class openstack::galera::status (
      require       => Class['mysql::server'],
    } ->
    database_grant { "${status_user}@${status_allow}/*.*":
-      privileges => [ 'Status_priv' ],
+      privileges => [ 'select_priv' ],
    }
  }

--- a/deployment/puppet/openstack/spec/classes/openstack_galera_status_spec.rb
+++ b/deployment/puppet/openstack/spec/classes/openstack_galera_status_spec.rb
@ -0,0 +1,54 @@
+require 'spec_helper'
+
+describe 'openstack::galera::status' do
+
+  shared_examples_for 'galera configuration' do
+
+    context 'with mysql module with version < 2.2' do
+      let :params do
+        {
+          :mysql_module => 2.1,
+          :status_user     => 'user',
+          :status_password => 'password',
+        }
+      end
+
+      it 'should create grant with right privileges' do
+        should contain_database_grant("user@%/*.*").with(
+          :privileges => [ 'select_priv' ]
+        )
+      end
+    end
+  end
+
+  context 'on Debian platforms' do
+    let :facts do
+      { :osfamily => 'Debian',
+        :operatingsystem => 'Debian',
+        :hostname => 'hostname.example.com',
+        :physicalprocessorcount => 2,
+        :memorysize_mb => 1024,
+        :openstack_version => {'nova' => 'present' },
+      }
+    end
+
+    it_configures 'galera configuration'
+  end
+
+  context 'on RedHat platforms' do
+    let :facts do
+      { :osfamily => 'RedHat',
+        :operatingsystem => 'RedHat',
+        :operatingsystemrelease => '7.1',
+        :operatingsystemmajrelease => '7',
+        :hostname => 'hostname.example.com',
+        :physicalprocessorcount => 2,
+        :memorysize_mb => 1024,
+        :openstack_version => {'nova' => 'present' },
+      }
+    end
+
+    it_configures 'galera configuration'
+  end
+
+end
--- a/tests/noop/spec/hosts/database/database_spec.rb
+++ b/tests/noop/spec/hosts/database/database_spec.rb
@ -26,6 +26,10 @@ describe manifest do
      Noop.hiera('database_nodes')
    end

+    let(:galera_node_address) do
+      Noop.puppet_function 'get_network_role_property', 'mgmt/database', 'ipaddr'
+    end
+
    let(:galera_nodes) do
      (Noop.puppet_function 'get_node_to_ipaddr_map_by_network_role', database_nodes, 'mgmt/database').values
    end
@ -53,6 +57,12 @@ describe manifest do
    it { should contain_class('openstack::galera::status').that_comes_before('Haproxy_backend_status[mysql]') }
    it { should contain_haproxy_backend_status('mysql').that_comes_before('Class[osnailyfacter::mysql_access]') }

+    it 'should create grant with right privileges' do
+      should contain_database_grant("clustercheck@#{galera_node_address}/*.*").with(
+        :privileges => [ 'select_priv' ]
+      )
+    end
+
    if Noop.hiera('external_lb', false)
      database_vip = Noop.hiera('database_vip', Noop.hiera('management_vip'))
      url = "http://#{database_vip}:49000"