Merge "Fix privileges for galera status user"

This commit is contained in:
Jenkins 2016-01-25 15:06:48 +00:00 committed by Gerrit Code Review
commit cbd97da439
3 changed files with 66 additions and 2 deletions

View File

@ -70,7 +70,7 @@ class openstack::galera::status (
mysql_grant { "${status_user}@${status_allow}/*.*": mysql_grant { "${status_user}@${status_allow}/*.*":
ensure => 'present', ensure => 'present',
option => [ 'GRANT' ], option => [ 'GRANT' ],
privileges => [ 'STATUS' ], privileges => [ 'USAGE' ],
table => '*.*', table => '*.*',
user => "${status_user}@${status_allow}", user => "${status_user}@${status_allow}",
} }
@ -82,7 +82,7 @@ class openstack::galera::status (
require => Class['mysql::server'], require => Class['mysql::server'],
} -> } ->
database_grant { "${status_user}@${status_allow}/*.*": database_grant { "${status_user}@${status_allow}/*.*":
privileges => [ 'Status_priv' ], privileges => [ 'select_priv' ],
} }
} }

View File

@ -0,0 +1,54 @@
require 'spec_helper'
describe 'openstack::galera::status' do
shared_examples_for 'galera configuration' do
context 'with mysql module with version < 2.2' do
let :params do
{
:mysql_module => 2.1,
:status_user => 'user',
:status_password => 'password',
}
end
it 'should create grant with right privileges' do
should contain_database_grant("user@%/*.*").with(
:privileges => [ 'select_priv' ]
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian',
:operatingsystem => 'Debian',
:hostname => 'hostname.example.com',
:physicalprocessorcount => 2,
:memorysize_mb => 1024,
:openstack_version => {'nova' => 'present' },
}
end
it_configures 'galera configuration'
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '7.1',
:operatingsystemmajrelease => '7',
:hostname => 'hostname.example.com',
:physicalprocessorcount => 2,
:memorysize_mb => 1024,
:openstack_version => {'nova' => 'present' },
}
end
it_configures 'galera configuration'
end
end

View File

@ -26,6 +26,10 @@ describe manifest do
Noop.hiera('database_nodes') Noop.hiera('database_nodes')
end end
let(:galera_node_address) do
Noop.puppet_function 'get_network_role_property', 'mgmt/database', 'ipaddr'
end
let(:galera_nodes) do let(:galera_nodes) do
(Noop.puppet_function 'get_node_to_ipaddr_map_by_network_role', database_nodes, 'mgmt/database').values (Noop.puppet_function 'get_node_to_ipaddr_map_by_network_role', database_nodes, 'mgmt/database').values
end end
@ -53,6 +57,12 @@ describe manifest do
it { should contain_class('openstack::galera::status').that_comes_before('Haproxy_backend_status[mysql]') } it { should contain_class('openstack::galera::status').that_comes_before('Haproxy_backend_status[mysql]') }
it { should contain_haproxy_backend_status('mysql').that_comes_before('Class[osnailyfacter::mysql_access]') } it { should contain_haproxy_backend_status('mysql').that_comes_before('Class[osnailyfacter::mysql_access]') }
it 'should create grant with right privileges' do
should contain_database_grant("clustercheck@#{galera_node_address}/*.*").with(
:privileges => [ 'select_priv' ]
)
end
if Noop.hiera('external_lb', false) if Noop.hiera('external_lb', false)
database_vip = Noop.hiera('database_vip', Noop.hiera('management_vip')) database_vip = Noop.hiera('database_vip', Noop.hiera('management_vip'))
url = "http://#{database_vip}:49000" url = "http://#{database_vip}:49000"