From 154cba89e63d8c1a2a2def3b801d7b63726d0fc6 Mon Sep 17 00:00:00 2001 From: Stanislaw Bogatkin Date: Tue, 19 Jan 2016 18:03:35 +0300 Subject: [PATCH] Fix privileges for galera status user There are no such privilege as 'STATUS', so it changed accordingly to documentation. Change-Id: I653f9123c621fd71f0f649fc51c731dfc7b16eeb Closes-Bug: #1509072 --- .../openstack/manifests/galera/status.pp | 4 +- .../classes/openstack_galera_status_spec.rb | 54 +++++++++++++++++++ .../noop/spec/hosts/database/database_spec.rb | 10 ++++ 3 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 deployment/puppet/openstack/spec/classes/openstack_galera_status_spec.rb diff --git a/deployment/puppet/openstack/manifests/galera/status.pp b/deployment/puppet/openstack/manifests/galera/status.pp index 1079e61eb9..1ade0e90c9 100644 --- a/deployment/puppet/openstack/manifests/galera/status.pp +++ b/deployment/puppet/openstack/manifests/galera/status.pp @@ -70,7 +70,7 @@ class openstack::galera::status ( mysql_grant { "${status_user}@${status_allow}/*.*": ensure => 'present', option => [ 'GRANT' ], - privileges => [ 'STATUS' ], + privileges => [ 'USAGE' ], table => '*.*', user => "${status_user}@${status_allow}", } @@ -82,7 +82,7 @@ class openstack::galera::status ( require => Class['mysql::server'], } -> database_grant { "${status_user}@${status_allow}/*.*": - privileges => [ 'Status_priv' ], + privileges => [ 'select_priv' ], } } diff --git a/deployment/puppet/openstack/spec/classes/openstack_galera_status_spec.rb b/deployment/puppet/openstack/spec/classes/openstack_galera_status_spec.rb new file mode 100644 index 0000000000..f65b365088 --- /dev/null +++ b/deployment/puppet/openstack/spec/classes/openstack_galera_status_spec.rb 
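Review bot: The `mysql_grant` in the first status.pp hunk still carries `option => [ 'GRANT' ]` next to the new `privileges => [ 'USAGE' ]`, so the status account is granted the grant option on `*.*`. USAGE confers no privileges, so nothing is delegable today, but any privilege later added to this account becomes one it can pass on to other accounts, which a monitoring login should not be able to do. Unless something outside the hunk depends on it, drop the `option` line and add a comment such as `# USAGE only: the status check presumably reads SHOW STATUS, which needs no privileges`. The resource sits in a class body that starts and ends outside the hunk.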
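Review bot: `select_priv` on `*.*` in the `database_grant` hunk gives the status account read access to every schema, including the `mysql` system tables that hold account password hashes, while the `mysql_grant` hunk settles on `USAGE` for what appears to be the same account. Both branches should grant the same minimal level. If the older resource type cannot express a no-privilege grant, record that in a comment, e.g. `# database_grant has no USAGE equivalent; select_priv is the narrowest value accepted - TODO confirm`. The assertions added in openstack_galera_status_spec.rb and database_spec.rb pin `select_priv` as the expected value and would need to change with it.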
@@ -0,0 +1,54 @@ +require 'spec_helper' + +describe 'openstack::galera::status' do + + shared_examples_for 'galera configuration' do + + context 'with mysql module with version < 2.2' do + let :params do + { + :mysql_module => 2.1, + :status_user => 'user', + :status_password => 'password', + } + end + + it 'should create grant with right privileges' do + should contain_database_grant("user@%/*.*").with( + :privileges => [ 'select_priv' ] + ) + end + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian', + :operatingsystem => 'Debian', + :hostname => 'hostname.example.com', + :physicalprocessorcount => 2, + :memorysize_mb => 1024, + :openstack_version => {'nova' => 'present' }, + } + end + + it_configures 'galera configuration' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7.1', + :operatingsystemmajrelease => '7', + :hostname => 'hostname.example.com', + :physicalprocessorcount => 2, + :memorysize_mb => 1024, + :openstack_version => {'nova' => 'present' }, + } + end + + it_configures 'galera configuration' + end + +end diff --git a/tests/noop/spec/hosts/database/database_spec.rb b/tests/noop/spec/hosts/database/database_spec.rb index 493fa2e2f0..1250802196 100644 --- a/tests/noop/spec/hosts/database/database_spec.rb +++ b/tests/noop/spec/hosts/database/database_spec.rb @@ -26,6 +26,10 @@ describe manifest do Noop.hiera('database_nodes') end + let(:galera_node_address) do + Noop.puppet_function 'get_network_role_property', 'mgmt/database', 'ipaddr' + end + let(:galera_nodes) do (Noop.puppet_function 'get_node_to_ipaddr_map_by_network_role', database_nodes, 'mgmt/database').values end 
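Review bot: Only the `mysql_module => 2.1` path is exercised in the new openstack_galera_status_spec.rb, so the `mysql_grant` resource whose privilege this commit changes from `STATUS` to `USAGE` has no test. The same gap is in the assertion added to database_spec.rb, which checks `database_grant` only. A second context for the newer module would catch a regression to an invalid or broader privilege. The 2.2 threshold is taken from the existing context name and the resource title from status.pp; confirm both against the class's conditional, which is not visible in these hunks.

```ruby
shared_examples_for 'galera configuration' do
  # … unchanged: context 'with mysql module with version < 2.2' …

  context 'with mysql module with version >= 2.2' do
    let :params do
      {
        :mysql_module    => 2.2,
        :status_user     => 'user',
        :status_password => 'password',
      }
    end

    it 'should create USAGE-only grant' do
      should contain_mysql_grant("user@%/*.*").with(
        :privileges => [ 'USAGE' ]
      )
    end
  end
end
```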
@@ -53,6 +57,12 @@ describe manifest do it { should contain_class('openstack::galera::status').that_comes_before('Haproxy_backend_status[mysql]') } it { should contain_haproxy_backend_status('mysql').that_comes_before('Class[osnailyfacter::mysql_access]') } + it 'should create grant with right privileges' do + should contain_database_grant("clustercheck@#{galera_node_address}/*.*").with( + :privileges => [ 'select_priv' ] + ) + end + if Noop.hiera('external_lb', false) database_vip = Noop.hiera('database_vip', Noop.hiera('management_vip')) url = "http://#{database_vip}:49000"