From d91a4c7b3677cf3fd19695edbe5bf9ea3b880c26 Mon Sep 17 00:00:00 2001
From: Alex Schultz
Date: Mon, 12 Dec 2016 14:46:07 -0700
Subject: [PATCH] Add ability to skip mysql user/grants
Previously if you wanted to use the openstack::db::mysql for to create a database and use the same user for multiple databases, the catalog would fail due to a duplicate mysql_user definition. This change adds the ability to disable the user creation as well as the grant if the user does not need it.
Change-Id: Id04a622cc900254fe60bc257a9e42d16c676bf40
Related-Bug: 1649341
---
 manifests/db/mysql.pp | 32 ++++++---
 manifests/db/mysql/host_access.pp | 32 ++++++---
 ...-and-grants-optional-fd34f4686d44aec3.yaml | 9 +++
 .../openstacklib_db_mysql_host_access_spec.rb | 54 +++++++++++++++
 spec/defines/openstacklib_db_mysql_spec.rb | 65 +++++++++++++++++--
 5 files changed, 170 insertions(+), 22 deletions(-)
 create mode 100644 releasenotes/notes/mysql-user-and-grants-optional-fd34f4686d44aec3.yaml
diff --git a/manifests/db/mysql.pp b/manifests/db/mysql.pp
index 7a7d5732..dc70b5bd 100644
--- a/manifests/db/mysql.pp
+++ b/manifests/db/mysql.pp
@@ -35,7 +35,17 @@
 # [*privileges*]
 # Privileges given to the database user;
 # string or array of strings; optional; default to 'ALL'
-
+#
+# [*create_user*]
+# Flag to allow for the skipping of the user as part of the database setup.
+# Set to false to skip the user creation.
+# Defaults to true.
+#
+# [*create_grant*]
+# Flag to allow for the skipping of the user grants as part of the database
+# setup. Set to false to skip the user creation.
+# Defaults to true.
+#
 define openstacklib::db::mysql (
 $password_hash,
 $dbname = $title,
@@ -45,6 +55,8 @@ define openstacklib::db::mysql (
 $collate = 'utf8_general_ci',
 $allowed_hosts = [],
 $privileges = 'ALL',
+ $create_user = true,
+ $create_grant = true,
 ) {
 include ::mysql::server
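Review bot: The `[*create_grant*]` description added in the first hunk ends with `Set to false to skip the user creation.`, which is copied from `create_user` and describes the wrong switch. It should read `Set to false to skip the grant creation.`; the same sentence is repeated in the header comment added to manifests/db/mysql/host_access.pp. Since this flag decides whether privileges are issued, the parameter doc is the place an operator will check before turning it off, so the wording matters.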
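Review bot: The new `$create_user` and `$create_grant` parameters in the second hunk are used as plain conditions without a type check, so a non-boolean value such as the string `'false'` coming from Hiera or an ENC is truthy and the user and grant would still be created. mysql.pp already calls stdlib functions further down (`any2array`, `prefix`), so `validate_bool($create_user, $create_grant)` at the top of the define body would reject such input instead of silently granting. manifests/db/mysql/host_access.pp takes the same two parameters and would need the same check. The define's body continues outside this hunk.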
@@ -57,13 +69,17 @@ define openstacklib::db::mysql (
 require => [ Class['mysql::server'], Class['mysql::client'] ],
 }
- $allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
- $real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")
+ if $create_user or $create_grant {
+ $allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
+ $real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")
- openstacklib::db::mysql::host_access { $real_allowed_hosts:
- user => $user,
- password_hash => $password_hash,
- database => $dbname,
- privileges => $privileges,
+ openstacklib::db::mysql::host_access { $real_allowed_hosts:
+ user => $user,
+ password_hash => $password_hash,
+ database => $dbname,
+ privileges => $privileges,
+ create_user => $create_user,
+ create_grant => $create_grant,
+ }
 }
 }
diff --git a/manifests/db/mysql/host_access.pp b/manifests/db/mysql/host_access.pp
index 5378fb70..8487b653 100644
--- a/manifests/db/mysql/host_access.pp
+++ b/manifests/db/mysql/host_access.pp
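Review bot: `password_hash` stays mandatory and is still forwarded to `host_access` when `create_user => false`, but in the host_access.pp change it is only consumed inside the `if $create_user` block, so the value is silently ignored in that mode. A caller who supplies a different hash for the second database gets no error and no password change, which can leave the account on a credential the operator believes was replaced. A comment above the new `if $create_user or $create_grant {` line, for example `# password_hash is only applied when create_user is true; otherwise the existing mysql_user keeps its hash`, and a matching sentence in the `create_user` parameter doc would make this explicit. The define starts outside this hunk.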
@@ -17,25 +17,41 @@
 # [*privileges*]
 # the privileges to grant to this user
 #
+# [*create_user*]
+# Flag to allow for the skipping of the user as part of the database setup.
+# Set to false to skip the user creation.
+# Defaults to true.
+#
+# [*create_grant*]
+# Flag to allow for the skipping of the user grants as part of the database
+# setup. Set to false to skip the user creation.
+# Defaults to true.
+#
 define openstacklib::db::mysql::host_access (
 $user,
 $password_hash,
 $database,
 $privileges,
+ $create_user = true,
+ $create_grant = true,
 ) {
 validate_re($title, '_', 'Title must be $dbname_$host')
 $host = inline_template('<%= @title.split("_").last.downcase %>')
- mysql_user { "${user}@${host}":
- password_hash => $password_hash,
- require => Mysql_database[$database],
+ if $create_user {
+ mysql_user { "${user}@${host}":
+ password_hash => $password_hash,
+ require => Mysql_database[$database],
+ }
 }
- mysql_grant { "${user}@${host}/${database}.*":
- privileges => $privileges,
- table => "${database}.*",
- require => Mysql_user["${user}@${host}"],
- user => "${user}@${host}",
+ if $create_grant {
+ mysql_grant { "${user}@${host}/${database}.*":
+ privileges => $privileges,
+ table => "${database}.*",
+ require => Mysql_user["${user}@${host}"],
+ user => "${user}@${host}",
+ }
 }
 }
diff --git a/releasenotes/notes/mysql-user-and-grants-optional-fd34f4686d44aec3.yaml b/releasenotes/notes/mysql-user-and-grants-optional-fd34f4686d44aec3.yaml
new file mode 100644
index 00000000..3686f8bf
--- /dev/null
+++ b/releasenotes/notes/mysql-user-and-grants-optional-fd34f4686d44aec3.yaml
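Review bot: With `create_user => false` and `create_grant => true`, the `mysql_grant` in the new `if $create_grant` block still carries `require => Mysql_user["${user}@${host}"]`, a hard reference to a resource this define no longer declares. It only resolves when something else in the catalog declares exactly that `user@host` for every host the caller expands this define to; otherwise the catalog is rejected (at compile or apply time, depending on the Puppet version), and nothing in the change documents that contract. Dropping the `require` and ordering through collectors, `Mysql_user<| title == "${user}@${host}" |> -> Mysql_grant<| title == "${user}@${host}/${database}.*" |>`, keeps the ordering when the user is in the catalog and tolerates its absence. If the hard dependency is intended, the `create_user` doc should say the user must be managed elsewhere, because the grant is then issued to an account whose existence and password this module does not control.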
@@ -0,0 +1,9 @@
+---
+features:
+ - Add the ability to skip the mysql user and/or grant creation as part of the
+ openstack::db::mysql resource.
+fixes:
+ - openstack::db::mysql could not be used to create multiple databases
+ with the same user/password for access due to a duplicate mysql_user
+ resource declaration. Now the user and/or grant creation process can be
+ skipped if they already exist.
diff --git a/spec/defines/openstacklib_db_mysql_host_access_spec.rb b/spec/defines/openstacklib_db_mysql_host_access_spec.rb
index 40be56df..5724471d 100644
--- a/spec/defines/openstacklib_db_mysql_host_access_spec.rb
+++ b/spec/defines/openstacklib_db_mysql_host_access_spec.rb
@@ -30,6 +30,60 @@ describe 'openstacklib::db::mysql::host_access' do
 )}
 end
+ context 'with skipping user creation' do
+ let (:title) { 'nova_10.0.0.1' }
+ let :params do
+ { :user => 'foobar',
+ :password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
+ :database => 'nova',
+ :privileges => 'ALL',
+ :create_user => false,
+ }
+ end
+
+ it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
+
+ it { is_expected.to contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*").with(
+ :user => "#{params[:user]}@10.0.0.1",
+ :privileges => 'ALL',
+ :table => "#{params[:database]}.*"
+ )}
+ end
+
+ context 'with skipping grant creation' do
+ let (:title) { 'nova_10.0.0.1' }
+ let :params do
+ { :user => 'foobar',
+ :password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
+ :database => 'nova',
+ :privileges => 'ALL',
+ :create_grant => false,
+ }
+ end
+
+ it { is_expected.to contain_mysql_user("#{params[:user]}@10.0.0.1").with(
+ :password_hash => params[:password_hash]
+ )}
+
+ it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
+ end
+
+ context 'with skipping user and grant creation' do
+ let (:title) { 'nova_10.0.0.1' }
+ let :params do
+ { :user => 'foobar',
+ :password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
+ :database => 'nova',
+ :privileges => 'ALL',
+ :create_user => false,
+ :create_grant => false,
+ }
+ end
+
+ it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
+
+ it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
+ end
 end
 on_supported_os({
diff --git a/spec/defines/openstacklib_db_mysql_spec.rb b/spec/defines/openstacklib_db_mysql_spec.rb
index 943b1d1e..934d772d 100644
--- a/spec/defines/openstacklib_db_mysql_spec.rb
+++ b/spec/defines/openstacklib_db_mysql_spec.rb
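Review bot: The 'with skipping user creation' context checks that the grant is present but never checks that its dependencies resolve, although the grant declared in host_access.pp requires `Mysql_user["foobar@10.0.0.1"]`, which this context deliberately leaves out of the catalog. Adding `it { is_expected.to compile.with_all_deps }` to each new context would pin that behaviour; for the skip-user case it needs a `pre_condition` that declares the `mysql_user`, which also documents the expected usage. The three contexts repeat the same params hash, so a shared `let(:base_params)` merged with the one or two flags under test would make the difference between them easier to see. The surrounding `describe` block starts outside this hunk, so an existing `pre_condition` may already cover part of this.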
@@ -40,9 +40,11 @@ describe 'openstacklib::db::mysql' do
 :collate => 'utf8_general_ci'
 )}
 it { is_expected.to contain_openstacklib__db__mysql__host_access("#{params[:dbname]}_127.0.0.1").with(
- :user => title,
- :database => params[:dbname],
- :privileges => 'ALL'
+ :user => title,
+ :database => params[:dbname],
+ :privileges => 'ALL',
+ :create_user => true,
+ :create_grant => true,
 )}
 end
@@ -56,9 +58,11 @@ describe 'openstacklib::db::mysql' do
 :collate => 'utf8_general_ci'
 )}
 it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
- :user => params[:user],
- :database => title,
- :privileges => 'ALL',
+ :user => params[:user],
+ :database => title,
+ :privileges => 'ALL',
+ :create_user => true,
+ :create_grant => true,
 )}
 end
@@ -143,6 +147,55 @@ describe 'openstacklib::db::mysql' do
 )}
 end
+ context 'with skipping user creation' do
+ let :params do
+ { :create_user => false }.merge(required_params)
+ end
+
+ it { is_expected.to contain_mysql_database(title).with(
+ :charset => 'utf8',
+ :collate => 'utf8_general_ci'
+ )}
+ it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
+ :user => title,
+ :database => title,
+ :privileges => 'ALL',
+ :create_user => false,
+ :create_grant => true,
+ )}
+ end
+
+ context 'with skipping grant creation' do
+ let :params do
+ { :create_grant => false }.merge(required_params)
+ end
+
+ it { is_expected.to contain_mysql_database(title).with(
+ :charset => 'utf8',
+ :collate => 'utf8_general_ci'
+ )}
+ it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
+ :user => title,
+ :database => title,
+ :privileges => 'ALL',
+ :create_user => true,
+ :create_grant => false,
+ )}
+ end
+
+ context 'with skipping user and grant creation' do
+ let :params do
+ { :create_user => false,
+ :create_grant => false }.merge(required_params)
+ end
+
+ it { is_expected.to contain_mysql_database(title).with(
+ :charset => 'utf8',
+ :collate => 'utf8_general_ci'
+ )}
+ it { is_expected.to_not contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1") }
+ end
+
 end
 on_supported_os({
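Review bot: The 'with skipping user and grant creation' context only asserts that the single `"#{title}_127.0.0.1"` instance is absent, so a regression that still declared `host_access` for other entries of `allowed_hosts` would pass. `it { is_expected.to have_openstacklib__db__mysql__host_access_resource_count(0) }` states the intent directly, namely that no users or grants are managed at all in this mode. None of the three new contexts combines `:allowed_hosts` with `:create_user => false`, which is the multi-host case where the flags have to reach every expanded `host_access` instance; one such context would cover it.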