Add ability to skip mysql user/grants

Previously if you wanted to use the openstack::db::mysql for to create a database and use the same user for multiple databases, the catalog would fail due to a duplicate mysql_user definition. This change adds the ability to disable the user creation as well as the grant if the user does not need it. Change-Id: Id04a622cc900254fe60bc257a9e42d16c676bf40 Related-Bug: 1649341
2016-12-12 14:46:07 -07:00
parent efe3cd52d7
commit d91a4c7b36
5 changed files with 170 additions and 22 deletions
--- a/manifests/db/mysql.pp
+++ b/manifests/db/mysql.pp
@@ -35,7 +35,17 @@
 #  [*privileges*]
 #    Privileges given to the database user;
 #    string or array of strings; optional; default to 'ALL'
-
+#
+#  [*create_user*]
+#    Flag to allow for the skipping of the user as part of the database setup.
+#    Set to false to skip the user creation.
+#    Defaults to true.
+#
+#  [*create_grant*]
+#    Flag to allow for the skipping of the user grants as part of the database
+#    setup. Set to false to skip the user creation.
+#    Defaults to true.
+#
 define openstacklib::db::mysql (
  $password_hash,
  $dbname         = $title,
@@ -45,6 +55,8 @@ define openstacklib::db::mysql (
  $collate        = 'utf8_general_ci',
  $allowed_hosts  = [],
  $privileges     = 'ALL',
+  $create_user    = true,
+  $create_grant   = true,
 ) {

  include ::mysql::server
@@ -57,13 +69,17 @@ define openstacklib::db::mysql (
    require => [ Class['mysql::server'], Class['mysql::client'] ],
  }

-  $allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
-  $real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")
+  if $create_user or $create_grant {
+    $allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
+    $real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")

-  openstacklib::db::mysql::host_access { $real_allowed_hosts:
-    user          => $user,
-    password_hash => $password_hash,
-    database      => $dbname,
-    privileges    => $privileges,
+    openstacklib::db::mysql::host_access { $real_allowed_hosts:
+      user          => $user,
+      password_hash => $password_hash,
+      database      => $dbname,
+      privileges    => $privileges,
+      create_user   => $create_user,
+      create_grant  => $create_grant,
+    }
  }
 }
--- a/manifests/db/mysql/host_access.pp
+++ b/manifests/db/mysql/host_access.pp
@@ -17,25 +17,41 @@
 #  [*privileges*]
 #    the privileges to grant to this user
 #
+#  [*create_user*]
+#    Flag to allow for the skipping of the user as part of the database setup.
+#    Set to false to skip the user creation.
+#    Defaults to true.
+#
+#  [*create_grant*]
+#    Flag to allow for the skipping of the user grants as part of the database
+#    setup. Set to false to skip the user creation.
+#    Defaults to true.
+#
 define openstacklib::db::mysql::host_access (
  $user,
  $password_hash,
  $database,
  $privileges,
+  $create_user  = true,
+  $create_grant = true,
 ) {
  validate_re($title, '_', 'Title must be $dbname_$host')

  $host = inline_template('<%= @title.split("_").last.downcase %>')

-  mysql_user { "${user}@${host}":
-    password_hash => $password_hash,
-    require       => Mysql_database[$database],
+  if $create_user {
+    mysql_user { "${user}@${host}":
+      password_hash => $password_hash,
+      require       => Mysql_database[$database],
+    }
  }

-  mysql_grant { "${user}@${host}/${database}.*":
-    privileges => $privileges,
-    table      => "${database}.*",
-    require    => Mysql_user["${user}@${host}"],
-    user       => "${user}@${host}",
+  if $create_grant {
+    mysql_grant { "${user}@${host}/${database}.*":
+      privileges => $privileges,
+      table      => "${database}.*",
+      require    => Mysql_user["${user}@${host}"],
+      user       => "${user}@${host}",
+    }
  }
 }
--- a/releasenotes/notes/mysql-user-and-grants-optional-fd34f4686d44aec3.yaml
+++ b/releasenotes/notes/mysql-user-and-grants-optional-fd34f4686d44aec3.yaml
@@ -0,0 +1,9 @@
+---
+features:
+  - Add the ability to skip the mysql user and/or grant creation as part of the
+    openstack::db::mysql resource.
+fixes:
+  - openstack::db::mysql could not be used to create multiple databases
+    with the same user/password for access due to a duplicate mysql_user
+    resource declaration. Now the user and/or grant creation process can be
+    skipped if they already exist.
--- a/spec/defines/openstacklib_db_mysql_host_access_spec.rb
+++ b/spec/defines/openstacklib_db_mysql_host_access_spec.rb
@@ -30,6 +30,60 @@ describe 'openstacklib::db::mysql::host_access' do
      )}
    end

+    context 'with skipping user creation' do
+      let (:title) { 'nova_10.0.0.1' }
+      let :params do
+        { :user          => 'foobar',
+          :password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
+          :database      => 'nova',
+          :privileges    => 'ALL',
+          :create_user   => false,
+        }
+      end
+
+      it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
+
+      it { is_expected.to contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*").with(
+        :user       => "#{params[:user]}@10.0.0.1",
+        :privileges => 'ALL',
+        :table      => "#{params[:database]}.*"
+      )}
+    end
+
+    context 'with skipping grant creation' do
+      let (:title) { 'nova_10.0.0.1' }
+      let :params do
+        { :user          => 'foobar',
+          :password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
+          :database      => 'nova',
+          :privileges    => 'ALL',
+          :create_grant  => false,
+        }
+      end
+
+      it { is_expected.to contain_mysql_user("#{params[:user]}@10.0.0.1").with(
+        :password_hash => params[:password_hash]
+      )}
+
+      it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
+    end
+
+    context 'with skipping user and grant creation' do
+      let (:title) { 'nova_10.0.0.1' }
+      let :params do
+        { :user          => 'foobar',
+          :password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
+          :database      => 'nova',
+          :privileges    => 'ALL',
+          :create_user   => false,
+          :create_grant  => false,
+        }
+      end
+
+      it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
+
+      it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
+    end
  end

  on_supported_os({
--- a/spec/defines/openstacklib_db_mysql_spec.rb
+++ b/spec/defines/openstacklib_db_mysql_spec.rb
@@ -40,9 +40,11 @@ describe 'openstacklib::db::mysql' do
        :collate => 'utf8_general_ci'
      )}
      it { is_expected.to contain_openstacklib__db__mysql__host_access("#{params[:dbname]}_127.0.0.1").with(
-        :user       => title,
-        :database   => params[:dbname],
-        :privileges => 'ALL'
+        :user         => title,
+        :database     => params[:dbname],
+        :privileges   => 'ALL',
+        :create_user  => true,
+        :create_grant => true,
      )}
    end

@@ -56,9 +58,11 @@ describe 'openstacklib::db::mysql' do
        :collate => 'utf8_general_ci'
      )}
      it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
-        :user       => params[:user],
-        :database   => title,
-        :privileges => 'ALL',
+        :user         => params[:user],
+        :database     => title,
+        :privileges   => 'ALL',
+        :create_user  => true,
+        :create_grant => true,
      )}
    end

@@ -143,6 +147,55 @@ describe 'openstacklib::db::mysql' do
      )}
    end

+    context 'with skipping user creation' do
+      let :params do
+        { :create_user => false }.merge(required_params)
+      end
+
+      it { is_expected.to contain_mysql_database(title).with(
+        :charset => 'utf8',
+        :collate => 'utf8_general_ci'
+      )}
+      it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
+        :user         => title,
+        :database     => title,
+        :privileges   => 'ALL',
+        :create_user  => false,
+        :create_grant => true,
+      )}
+    end
+
+    context 'with skipping grant creation' do
+      let :params do
+        { :create_grant => false }.merge(required_params)
+      end
+
+      it { is_expected.to contain_mysql_database(title).with(
+        :charset => 'utf8',
+        :collate => 'utf8_general_ci'
+      )}
+      it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
+        :user         => title,
+        :database     => title,
+        :privileges   => 'ALL',
+        :create_user  => true,
+        :create_grant => false,
+      )}
+    end
+
+    context 'with skipping user and grant creation' do
+      let :params do
+        { :create_user => false,
+          :create_grant => false }.merge(required_params)
+      end
+
+      it { is_expected.to contain_mysql_database(title).with(
+        :charset => 'utf8',
+        :collate => 'utf8_general_ci'
+      )}
+      it { is_expected.to_not contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1") }
+    end
+
  end

  on_supported_os({