Add ability to skip mysql user/grants

Previously if you wanted to use the openstack::db::mysql for to create a
database and use the same user for multiple databases, the catalog would
fail due to a duplicate mysql_user definition. This change adds the
ability to disable the user creation as well as the grant if the user
does not need it.

Change-Id: Id04a622cc900254fe60bc257a9e42d16c676bf40
Related-Bug: 1649341
This commit is contained in:
Alex Schultz
2016-12-12 14:46:07 -07:00
parent efe3cd52d7
commit d91a4c7b36
5 changed files with 170 additions and 22 deletions

View File

@@ -35,7 +35,17 @@
# [*privileges*]
# Privileges given to the database user;
# string or array of strings; optional; default to 'ALL'
#
# [*create_user*]
# Flag to allow for the skipping of the user as part of the database setup.
# Set to false to skip the user creation.
# Defaults to true.
#
# [*create_grant*]
# Flag to allow for the skipping of the user grants as part of the database
# setup. Set to false to skip the user creation.
# Defaults to true.
#
define openstacklib::db::mysql (
$password_hash,
$dbname = $title,
@@ -45,6 +55,8 @@ define openstacklib::db::mysql (
$collate = 'utf8_general_ci',
$allowed_hosts = [],
$privileges = 'ALL',
$create_user = true,
$create_grant = true,
) {
include ::mysql::server
@@ -57,13 +69,17 @@ define openstacklib::db::mysql (
require => [ Class['mysql::server'], Class['mysql::client'] ],
}
$allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
$real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")
if $create_user or $create_grant {
$allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
$real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")
openstacklib::db::mysql::host_access { $real_allowed_hosts:
user => $user,
password_hash => $password_hash,
database => $dbname,
privileges => $privileges,
openstacklib::db::mysql::host_access { $real_allowed_hosts:
user => $user,
password_hash => $password_hash,
database => $dbname,
privileges => $privileges,
create_user => $create_user,
create_grant => $create_grant,
}
}
}

View File

@@ -17,25 +17,41 @@
# [*privileges*]
# the privileges to grant to this user
#
# [*create_user*]
# Flag to allow for the skipping of the user as part of the database setup.
# Set to false to skip the user creation.
# Defaults to true.
#
# [*create_grant*]
# Flag to allow for the skipping of the user grants as part of the database
# setup. Set to false to skip the user creation.
# Defaults to true.
#
define openstacklib::db::mysql::host_access (
$user,
$password_hash,
$database,
$privileges,
$create_user = true,
$create_grant = true,
) {
validate_re($title, '_', 'Title must be $dbname_$host')
$host = inline_template('<%= @title.split("_").last.downcase %>')
mysql_user { "${user}@${host}":
password_hash => $password_hash,
require => Mysql_database[$database],
if $create_user {
mysql_user { "${user}@${host}":
password_hash => $password_hash,
require => Mysql_database[$database],
}
}
mysql_grant { "${user}@${host}/${database}.*":
privileges => $privileges,
table => "${database}.*",
require => Mysql_user["${user}@${host}"],
user => "${user}@${host}",
if $create_grant {
mysql_grant { "${user}@${host}/${database}.*":
privileges => $privileges,
table => "${database}.*",
require => Mysql_user["${user}@${host}"],
user => "${user}@${host}",
}
}
}

View File

@@ -0,0 +1,9 @@
---
features:
- Add the ability to skip the mysql user and/or grant creation as part of the
openstack::db::mysql resource.
fixes:
- openstack::db::mysql could not be used to create multiple databases
with the same user/password for access due to a duplicate mysql_user
resource declaration. Now the user and/or grant creation process can be
skipped if they already exist.

View File

@@ -30,6 +30,60 @@ describe 'openstacklib::db::mysql::host_access' do
)}
end
context 'with skipping user creation' do
let (:title) { 'nova_10.0.0.1' }
let :params do
{ :user => 'foobar',
:password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:database => 'nova',
:privileges => 'ALL',
:create_user => false,
}
end
it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
it { is_expected.to contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*").with(
:user => "#{params[:user]}@10.0.0.1",
:privileges => 'ALL',
:table => "#{params[:database]}.*"
)}
end
context 'with skipping grant creation' do
let (:title) { 'nova_10.0.0.1' }
let :params do
{ :user => 'foobar',
:password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:database => 'nova',
:privileges => 'ALL',
:create_grant => false,
}
end
it { is_expected.to contain_mysql_user("#{params[:user]}@10.0.0.1").with(
:password_hash => params[:password_hash]
)}
it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
end
context 'with skipping user and grant creation' do
let (:title) { 'nova_10.0.0.1' }
let :params do
{ :user => 'foobar',
:password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:database => 'nova',
:privileges => 'ALL',
:create_user => false,
:create_grant => false,
}
end
it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
end
end
on_supported_os({

View File

@@ -40,9 +40,11 @@ describe 'openstacklib::db::mysql' do
:collate => 'utf8_general_ci'
)}
it { is_expected.to contain_openstacklib__db__mysql__host_access("#{params[:dbname]}_127.0.0.1").with(
:user => title,
:database => params[:dbname],
:privileges => 'ALL'
:user => title,
:database => params[:dbname],
:privileges => 'ALL',
:create_user => true,
:create_grant => true,
)}
end
@@ -56,9 +58,11 @@ describe 'openstacklib::db::mysql' do
:collate => 'utf8_general_ci'
)}
it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
:user => params[:user],
:database => title,
:privileges => 'ALL',
:user => params[:user],
:database => title,
:privileges => 'ALL',
:create_user => true,
:create_grant => true,
)}
end
@@ -143,6 +147,55 @@ describe 'openstacklib::db::mysql' do
)}
end
context 'with skipping user creation' do
let :params do
{ :create_user => false }.merge(required_params)
end
it { is_expected.to contain_mysql_database(title).with(
:charset => 'utf8',
:collate => 'utf8_general_ci'
)}
it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
:user => title,
:database => title,
:privileges => 'ALL',
:create_user => false,
:create_grant => true,
)}
end
context 'with skipping grant creation' do
let :params do
{ :create_grant => false }.merge(required_params)
end
it { is_expected.to contain_mysql_database(title).with(
:charset => 'utf8',
:collate => 'utf8_general_ci'
)}
it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
:user => title,
:database => title,
:privileges => 'ALL',
:create_user => true,
:create_grant => false,
)}
end
context 'with skipping user and grant creation' do
let :params do
{ :create_user => false,
:create_grant => false }.merge(required_params)
end
it { is_expected.to contain_mysql_database(title).with(
:charset => 'utf8',
:collate => 'utf8_general_ci'
)}
it { is_expected.to_not contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1") }
end
end
on_supported_os({