Merge "Add tls options to mysql user creation"

Jenkins 2016-12-20 08:09:37 +00:00 committed by Gerrit Code Review
commit 6a980b5d33
6 changed files with 40 additions and 5 deletions


@ -46,6 +46,10 @@
# setup. Set to false to skip the user creation.
# Defaults to true.
#
# [*tls_options*]
# The TLS options that the user will have
# Defaults to ['NONE']
#
define openstacklib::db::mysql (
$password_hash,
$dbname = $title,
@ -57,6 +61,7 @@ define openstacklib::db::mysql (
$privileges = 'ALL',
$create_user = true,
$create_grant = true,
$tls_options = ['NONE'],
) {
include ::mysql::server
@ -80,6 +85,7 @@ define openstacklib::db::mysql (
privileges => $privileges,
create_user => $create_user,
create_grant => $create_grant,
tls_options => $tls_options,
}
}
}
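Review bot: `$tls_options` is passed through to `openstacklib::db::mysql::host_access` with no type check, so a caller who writes `tls_options => 'SSL'` instead of an array gets no feedback from this define. Adding `validate_array($tls_options)` at the top of the body would reject that at catalog compilation; the same applies to `host_access`, which already calls `validate_re` on its title. The parameter doc should also say that the default `['NONE']` places no TLS requirement on the account, so unencrypted connections stay allowed unless the caller passes something like `['SSL']` or `['X509']`. The body of the define continues outside these hunks.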


@ -27,6 +27,10 @@
# setup. Set to false to skip the user creation.
# Defaults to true.
#
# [*tls_options*]
# The TLS options that the user will have
# Defaults to ['NONE']
#
define openstacklib::db::mysql::host_access (
$user,
$password_hash,
@ -34,6 +38,7 @@ define openstacklib::db::mysql::host_access (
$privileges,
$create_user = true,
$create_grant = true,
$tls_options = ['NONE'],
) {
validate_re($title, '_', 'Title must be $dbname_$host')
@ -42,6 +47,7 @@ define openstacklib::db::mysql::host_access (
if $create_user {
mysql_user { "${user}@${host}":
password_hash => $password_hash,
tls_options => $tls_options,
require => Mysql_database[$database],
}
}
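Review bot: `tls_options` is set only on the `mysql_user` resource inside `if $create_user`, so with `create_user => false` a caller's `['SSL']` is ignored without warning and the existing account keeps whatever requirement it already had. The parameter doc should state this, for example `# Only applied when create_user is true.`, or the define could fail when a non-default value is combined with `create_user => false`. The grant part of the define is outside the hunk, so it is not visible here whether anything else could carry the requirement.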


@ -57,7 +57,7 @@
},
{
"name": "puppetlabs/mysql",
"version_requirement": ">=3.0.0 <4.0.0"
"version_requirement": ">=3.10.0 <4.0.0"
},
{
"name": "puppetlabs/stdlib",


@ -0,0 +1,6 @@
---
features:
- For the users that result from the usage of the mysql resource, it is now
possible to specify the TLS options. This is useful if one wants to force
the user to only connect using TLS, or if one wants to force the usage of
client certificates for this specific user.


@ -20,7 +20,8 @@ describe 'openstacklib::db::mysql::host_access' do
end
it { is_expected.to contain_mysql_user("#{params[:user]}@10.0.0.1").with(
:password_hash => params[:password_hash]
:password_hash => params[:password_hash],
:tls_options => ['NONE']
)}
it { is_expected.to contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*").with(
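Review bot: The `mysql_user` assertion here covers only the default `['NONE']`, and the commit adds no non-default case to this spec. The override is exercised only in the `openstacklib::db::mysql` spec, which checks that `['SSL']` reaches `host_access` but not that it reaches `mysql_user`. A context with `:tls_options => ['SSL']` asserting `contain_mysql_user("#{params[:user]}@10.0.0.1").with(:tls_options => ['SSL'])` would pin the behaviour that actually enforces TLS on the account. The rest of the spec file is outside the hunk.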


@ -24,9 +24,10 @@ describe 'openstacklib::db::mysql' do
:collate => 'utf8_general_ci'
)}
it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
:user => title,
:database => title,
:privileges => 'ALL'
:user => title,
:database => title,
:privileges => 'ALL',
:tls_options => ['NONE'],
)}
end
@ -45,6 +46,7 @@ describe 'openstacklib::db::mysql' do
:privileges => 'ALL',
:create_user => true,
:create_grant => true,
:tls_options => ['NONE'],
)}
end
@ -63,6 +65,7 @@ describe 'openstacklib::db::mysql' do
:privileges => 'ALL',
:create_user => true,
:create_grant => true,
:tls_options => ['NONE'],
)}
end
@ -196,6 +199,19 @@ describe 'openstacklib::db::mysql' do
it { is_expected.to_not contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1") }
end
context "overriding tls_options" do
let :params do
{ :tls_options => ['SSL'] }.merge(required_params)
end
it {is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
:user => title,
:password_hash => params[:password_hash],
:database => title,
:tls_options => ['SSL'],
)}
end
end
on_supported_os({