Add ability to skip mysql user/grants
Previously, if you wanted to use openstack::db::mysql to create a database and reuse the same user for multiple databases, the catalog would fail due to a duplicate mysql_user definition. This change adds the ability to disable the user creation, as well as the grant, if the user does not need it. Change-Id: Id04a622cc900254fe60bc257a9e42d16c676bf40 Related-Bug: 1649341
@@ -35,7 +35,17 @@
|
||||
# [*privileges*]
|
||||
# Privileges given to the database user;
|
||||
# string or array of strings; optional; default to 'ALL'
|
||||
|
||||
#
|
||||
# [*create_user*]
|
||||
# Flag to allow for the skipping of the user as part of the database setup.
|
||||
# Set to false to skip the user creation.
|
||||
# Defaults to true.
|
||||
#
|
||||
# [*create_grant*]
|
||||
# Flag to allow for the skipping of the user grants as part of the database
|
||||
# setup. Set to false to skip the user creation.
|
||||
# Defaults to true.
|
||||
#
|
||||
define openstacklib::db::mysql (
|
||||
$password_hash,
|
||||
$dbname = $title,
|
||||
@@ -45,6 +55,8 @@ define openstacklib::db::mysql (
|
||||
$collate = 'utf8_general_ci',
|
||||
$allowed_hosts = [],
|
||||
$privileges = 'ALL',
|
||||
$create_user = true,
|
||||
$create_grant = true,
|
||||
) {
|
||||
|
||||
include ::mysql::server
|
||||
@@ -57,13 +69,17 @@ define openstacklib::db::mysql (
|
||||
require => [ Class['mysql::server'], Class['mysql::client'] ],
|
||||
}
|
||||
|
||||
$allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
|
||||
$real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")
|
||||
if $create_user or $create_grant {
|
||||
$allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
|
||||
$real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")
|
||||
|
||||
openstacklib::db::mysql::host_access { $real_allowed_hosts:
|
||||
user => $user,
|
||||
password_hash => $password_hash,
|
||||
database => $dbname,
|
||||
privileges => $privileges,
|
||||
openstacklib::db::mysql::host_access { $real_allowed_hosts:
|
||||
user => $user,
|
||||
password_hash => $password_hash,
|
||||
database => $dbname,
|
||||
privileges => $privileges,
|
||||
create_user => $create_user,
|
||||
create_grant => $create_grant,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
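Review bot: The `create_grant` description in this header ends with "Set to false to skip the user creation", copied from `create_user`; it should read `# setup. Set to false to skip the grant creation.`, and the same sentence appears in the header of the host_access define. The docs should also state that `$password_hash` stays mandatory but is not applied to any account when `create_user` is false, so the shared account's credential has to be managed by whichever resource declares the `mysql_user`. When both flags are false, the `if $create_user or $create_grant` block skips host_access entirely, so `$allowed_hosts` and `$privileges` are silently ignored as well, which deserves one line in the parameter docs. Parts of the define body lie between the visible hunks.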
@@ -17,25 +17,41 @@
|
||||
# [*privileges*]
|
||||
# the privileges to grant to this user
|
||||
#
|
||||
# [*create_user*]
|
||||
# Flag to allow for the skipping of the user as part of the database setup.
|
||||
# Set to false to skip the user creation.
|
||||
# Defaults to true.
|
||||
#
|
||||
# [*create_grant*]
|
||||
# Flag to allow for the skipping of the user grants as part of the database
|
||||
# setup. Set to false to skip the user creation.
|
||||
# Defaults to true.
|
||||
#
|
||||
define openstacklib::db::mysql::host_access (
|
||||
$user,
|
||||
$password_hash,
|
||||
$database,
|
||||
$privileges,
|
||||
$create_user = true,
|
||||
$create_grant = true,
|
||||
) {
|
||||
validate_re($title, '_', 'Title must be $dbname_$host')
|
||||
|
||||
$host = inline_template('<%= @title.split("_").last.downcase %>')
|
||||
|
||||
mysql_user { "${user}@${host}":
|
||||
password_hash => $password_hash,
|
||||
require => Mysql_database[$database],
|
||||
if $create_user {
|
||||
mysql_user { "${user}@${host}":
|
||||
password_hash => $password_hash,
|
||||
require => Mysql_database[$database],
|
||||
}
|
||||
}
|
||||
|
||||
mysql_grant { "${user}@${host}/${database}.*":
|
||||
privileges => $privileges,
|
||||
table => "${database}.*",
|
||||
require => Mysql_user["${user}@${host}"],
|
||||
user => "${user}@${host}",
|
||||
if $create_grant {
|
||||
mysql_grant { "${user}@${host}/${database}.*":
|
||||
privileges => $privileges,
|
||||
table => "${database}.*",
|
||||
require => Mysql_user["${user}@${host}"],
|
||||
user => "${user}@${host}",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
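Review bot: With `create_user => false` the `mysql_grant` still carries `require => Mysql_user["${user}@${host}"]`, a resource this define no longer declares, so the grant depends on some other resource declaring exactly that `user@host` title. If none does, the reference is dangling and the run would presumably fail on the missing dependency, far from where the flag was set. Consider choosing the dependency from the flag, for example `$grant_require = $create_user ? { true => Mysql_user["${user}@${host}"], default => Mysql_database[$database] }` with `require => $grant_require`, or document that the caller must declare the user. Privileges are then also granted to an account whose password this define does not manage, while `$password_hash` remains a required but unused parameter.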
@@ -0,0 +1,9 @@
|
||||
---
|
||||
features:
|
||||
- Add the ability to skip the mysql user and/or grant creation as part of the
|
||||
openstack::db::mysql resource.
|
||||
fixes:
|
||||
- openstack::db::mysql could not be used to create multiple databases
|
||||
with the same user/password for access due to a duplicate mysql_user
|
||||
resource declaration. Now the user and/or grant creation process can be
|
||||
skipped if they already exist.
|
@@ -30,6 +30,60 @@ describe 'openstacklib::db::mysql::host_access' do
|
||||
)}
|
||||
end
|
||||
|
||||
context 'with skipping user creation' do
|
||||
let (:title) { 'nova_10.0.0.1' }
|
||||
let :params do
|
||||
{ :user => 'foobar',
|
||||
:password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
|
||||
:database => 'nova',
|
||||
:privileges => 'ALL',
|
||||
:create_user => false,
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
|
||||
|
||||
it { is_expected.to contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*").with(
|
||||
:user => "#{params[:user]}@10.0.0.1",
|
||||
:privileges => 'ALL',
|
||||
:table => "#{params[:database]}.*"
|
||||
)}
|
||||
end
|
||||
|
||||
context 'with skipping grant creation' do
|
||||
let (:title) { 'nova_10.0.0.1' }
|
||||
let :params do
|
||||
{ :user => 'foobar',
|
||||
:password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
|
||||
:database => 'nova',
|
||||
:privileges => 'ALL',
|
||||
:create_grant => false,
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to contain_mysql_user("#{params[:user]}@10.0.0.1").with(
|
||||
:password_hash => params[:password_hash]
|
||||
)}
|
||||
|
||||
it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
|
||||
end
|
||||
|
||||
context 'with skipping user and grant creation' do
|
||||
let (:title) { 'nova_10.0.0.1' }
|
||||
let :params do
|
||||
{ :user => 'foobar',
|
||||
:password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
|
||||
:database => 'nova',
|
||||
:privileges => 'ALL',
|
||||
:create_user => false,
|
||||
:create_grant => false,
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
|
||||
|
||||
it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
|
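Review bot: The 'with skipping user creation' context asserts that the grant exists and the `mysql_user` does not, but nothing checks that the grant's `require => Mysql_user[...]` can be resolved, and no context reproduces the case the commit is for: two databases sharing one user. A context that declares the shared `mysql_user` through `let(:pre_condition)` and then sets `:create_user => false` would cover both. The same gap exists in the `openstacklib::db::mysql` spec contexts further down. The `describe` block starts and ends outside this hunk.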
@@ -40,9 +40,11 @@ describe 'openstacklib::db::mysql' do
|
||||
:collate => 'utf8_general_ci'
|
||||
)}
|
||||
it { is_expected.to contain_openstacklib__db__mysql__host_access("#{params[:dbname]}_127.0.0.1").with(
|
||||
:user => title,
|
||||
:database => params[:dbname],
|
||||
:privileges => 'ALL'
|
||||
:user => title,
|
||||
:database => params[:dbname],
|
||||
:privileges => 'ALL',
|
||||
:create_user => true,
|
||||
:create_grant => true,
|
||||
)}
|
||||
end
|
||||
|
||||
@@ -56,9 +58,11 @@ describe 'openstacklib::db::mysql' do
|
||||
:collate => 'utf8_general_ci'
|
||||
)}
|
||||
it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
|
||||
:user => params[:user],
|
||||
:database => title,
|
||||
:privileges => 'ALL',
|
||||
:user => params[:user],
|
||||
:database => title,
|
||||
:privileges => 'ALL',
|
||||
:create_user => true,
|
||||
:create_grant => true,
|
||||
)}
|
||||
end
|
||||
|
||||
@@ -143,6 +147,55 @@ describe 'openstacklib::db::mysql' do
|
||||
)}
|
||||
end
|
||||
|
||||
context 'with skipping user creation' do
|
||||
let :params do
|
||||
{ :create_user => false }.merge(required_params)
|
||||
end
|
||||
|
||||
it { is_expected.to contain_mysql_database(title).with(
|
||||
:charset => 'utf8',
|
||||
:collate => 'utf8_general_ci'
|
||||
)}
|
||||
it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
|
||||
:user => title,
|
||||
:database => title,
|
||||
:privileges => 'ALL',
|
||||
:create_user => false,
|
||||
:create_grant => true,
|
||||
)}
|
||||
end
|
||||
|
||||
context 'with skipping grant creation' do
|
||||
let :params do
|
||||
{ :create_grant => false }.merge(required_params)
|
||||
end
|
||||
|
||||
it { is_expected.to contain_mysql_database(title).with(
|
||||
:charset => 'utf8',
|
||||
:collate => 'utf8_general_ci'
|
||||
)}
|
||||
it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
|
||||
:user => title,
|
||||
:database => title,
|
||||
:privileges => 'ALL',
|
||||
:create_user => true,
|
||||
:create_grant => false,
|
||||
)}
|
||||
end
|
||||
|
||||
context 'with skipping user and grant creation' do
|
||||
let :params do
|
||||
{ :create_user => false,
|
||||
:create_grant => false }.merge(required_params)
|
||||
end
|
||||
|
||||
it { is_expected.to contain_mysql_database(title).with(
|
||||
:charset => 'utf8',
|
||||
:collate => 'utf8_general_ci'
|
||||
)}
|
||||
it { is_expected.to_not contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1") }
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
|